Samba 4.7.9 (gzipped)
Signature
Patch (gzipped) against Samba 4.7.8
Signature
============================= Release Notes for Samba 4.7.9 August 14, 2018 ============================= This is a security release in order to address the following defects: o CVE-2018-1139 (Weak authentication protocol allowed.) o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.) o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.) o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP server.) ======= Details ======= o CVE-2018-1139: Vulnerability that allows authentication via NTLMv1 even if disabled. o CVE-2018-10858: A malicious server could return a directory entry that could corrupt libsmbclient memory. o CVE-2018-10918: Missing null pointer checks may crash the Samba AD DC, over the authenticated DRSUAPI RPC service. o CVE-2018-10919: Missing access control checks allow discovery of confidential attribute values via authenticated LDAP search expressions. Changes since 4.7.8: -------------------- o Jeremy Allison <jra@samba.org> * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers. o Andrew Bartlett <abartlet@samba.org> * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user. o Tim Beale <timbeale@catalyst.net.nz> * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches. o Günther Deschner <gd@samba.org> * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".