summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGustavo Zacarias <gustavo@zacarias.com.ar>2016-04-12 17:34:50 -0300
committerPeter Korsgaard <peter@korsgaard.com>2016-04-12 23:12:42 +0200
commit8e3268a0b93f0dabb16f79b0be6e1d4c98740cc1 (patch)
tree96f15f3cd03d24e0081bdd9442432545916559c2
parent04e775dbcaeab47bd410e6615298953ed87bb9d9 (diff)
samba4: security bump to version 4.4.2
Fixes: CVE-2016-2118 - A man in the middle can intercept any DCERPC traffic between a client and a server in order toimpersonate the client and get the same privileges as the authenticated user account. CVE-2016-2115 - The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection. Samba doesn't enforce SMB signing for this kind of SMB connections by default, which makes man in the middle attacks possible. CVE-2016-2114 - Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured. CVE-2016-2113 - Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://). CVE-2016-2112 - A man in the middle is able to downgrade LDAP connections to no integrity protection. It's possible to attack client and server with this. CVE-2016-2111 - When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic. CVE-2016-2110 - The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. CVE-2015-5370 - Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/samba4/samba4.hash2
-rw-r--r--package/samba4/samba4.mk2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/samba4/samba4.hash b/package/samba4/samba4.hash
index 95d111df9..d762452a7 100644
--- a/package/samba4/samba4.hash
+++ b/package/samba4/samba4.hash
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
-sha256 c5f6fefb7fd0a4e5f404a253b19b55f74f88faa1c3612cb3329e24aa03470075 samba-4.4.0.tar.gz
+sha256 eaecd41a85ebb9507b8db9856ada2a949376e9d53cf75664b5493658f6e5926a samba-4.4.2.tar.gz
diff --git a/package/samba4/samba4.mk b/package/samba4/samba4.mk
index 5bacbc3a7..0d73662bb 100644
--- a/package/samba4/samba4.mk
+++ b/package/samba4/samba4.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SAMBA4_VERSION = 4.4.0
+SAMBA4_VERSION = 4.4.2
SAMBA4_SITE = http://ftp.samba.org/pub/samba/stable
SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
SAMBA4_INSTALL_STAGING = YES