The Samba-Bugzilla – Attachment 16795 Details for
Bug 14817
Update Kerberos testing and dependencies to bring in fix for KDC crash
[patch]
WHATSNEW entry for Samba 4.15.0
whatsnew.patch (text/plain), 2.60 KB, created by
Andrew Bartlett
on 2021-09-08 07:28:11 UTC
>From 5ad131275bb9d4740bcd696822317eecf6e319d2 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 8 Sep 2021 19:20:55 +1200 >Subject: [PATCH 1/2] WHATSNEW: Update for KDC crash fixes > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > WHATSNEW.txt | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index d2c25df89ff..f76b519b43b 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -52,6 +52,14 @@ Starting from Jan 21th 2021, all Samba releases will be signed with the new key. > > See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt > >+New minimum version for the experimental MIT KDC >+------------------------------------------------ >+ >+The build of the AD DC using the system MIT Kerberos, an >+experimental feature, now requires MIT Kerberos 1.19. An up-to-date >+Fedora 34 has this version and has backported fixes for the KDC crash >+bugs CVE-2021-37750 and CVE-2021-36222 >+ > > NEW FEATURES/CHANGES > ==================== >@@ -274,6 +282,15 @@ Windows. > 'samba-tool dns update' is now a bit more careful in rejecting and > warning you about malformed IPv4 and IPv6 addresses. > >+CVE-2021-3671: Crash in Heimdal KDC and updated security release policy >+----------------------------------------------------------------------- >+ >+An unuthenticated user can crash the AD DC KDC by omitting the server >+name in a TGS-REQ. Per Samba's updated security process a specific >+security release was not made for this issue as it is a recoverable >+Denial Of Service. >+ >+See https://wiki.samba.org/index.php/Samba_Security_Proces > > REMOVED FEATURES > ================ >-- >2.25.1 > > >From ff860af750018976353f550da69f0187ed161d18 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 8 Sep 2021 19:24:29 +1200 >Subject: [PATCH 2/2] WHATSNEW: Update with samba-tool domain backup offline > fix 
> >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > WHATSNEW.txt | 8 ++++++++ > 1 file changed, 8 insertions(+) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index f76b519b43b..2f3e1422485 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -292,6 +292,14 @@ Denial Of Service. > > See https://wiki.samba.org/index.php/Samba_Security_Proces > >+samba-tool domain backup offline with the LMDB backend >+------------------------------------------------------ >+ >+samba-tool domain backup offline, when operating with the LMDB backend >+now correctly takes out locks against concurrent modification of the >+database during the backup. If you use this tool on a Samba AD DC >+using LMDB, you should upgrade to this release for safer backups. >+ > REMOVED FEATURES > ================ > >-- >2.25.1 >
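Review bot: In [PATCH 1/2], first hunk (@@ -52,6 +52,14), the added paragraph stops at "bugs CVE-2021-37750 and CVE-2021-36222" without a full stop, and it only describes what an up-to-date Fedora 34 ships. Suggest closing the sentence and adding one line telling people who build against the system MIT Kerberos on other distributions to confirm their 1.19 package carries the fixes for both CVEs, since the text itself says the Fedora fixes are backports.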
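Review bot: In [PATCH 1/2], second hunk (@@ -274,6 +282,15), "unuthenticated" should read "unauthenticated", and the link on the last added line ends in "Samba_Security_Proces", which looks cut short; please check that it resolves before this goes into the release notes. The entry explains why no separate security release was made but does not say explicitly which release carries the fix for CVE-2021-3671, so a sentence stating that would tell AD DC operators what to upgrade to.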
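Review bot: In [PATCH 2/2], the single hunk (@@ -292,6 +292,14) has an unbalanced comma in "samba-tool domain backup offline, when operating with the LMDB backend now correctly takes out locks"; add a comma after "backend" or drop the first one. The entry also does not say which earlier releases took offline LMDB backups without these locks, so an administrator cannot tell from it whether existing backups were made while the database could still be modified; naming the affected versions would make "safer backups" actionable. The context line above the addition still carries the "Samba_Security_Proces" link from the previous patch, so fixing it there fixes it here as well.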