CVS Commit History:


   2020-07-29 22:15:59 by Benny Siegert | Files touched by this commit (4) | Package updated
Log message:
Pullup ticket #6276 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.102
- net/samba4/PLIST                                              1.31
- net/samba4/distinfo                                           1.49
- net/samba4/patches/patch-lib_replace_system_passwd.h          1.1

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Jul  6 14:38:06 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/net/samba4/patches: patch-lib_replace_system_passwd.h

   Log message:
   samba4: updated to 4.12.5

   Changes since 4.12.4
   --------------------
      * BUG 14301: Fix smbd panic on force-close share during async io.
      * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
        folder that contains incorrect symbols in any file name.
      * BUG 14391: Fix DFS links.
      * BUG 14310: Can't use DNS functionality after a Windows DC has been in
        domain.
      * BUG 14413: ldapi search to FreeIPA crashes.
      * BUG 14396: Add net-ads-join dnshostname=fqdn option.
      * BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.
      * BUG 14386: docs-xml: Update list of possible VFS operations for
        vfs_full_audit.
      * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
      * BUG 14370: Client tools are not able to read gencache anymore.

   Samba 4.12.4
   ============
   o  CVE-2020-10730:
      A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
      de-reference and further combinations with the LDAP paged_results feature can
      give a use-after-free in Samba's AD DC LDAP server.

   o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
      excessive CPU.

   o  CVE-2020-10760:
      The use of the paged_results or VLV controls against the Global Catalog LDAP
      server on the AD DC will cause a use-after-free.

   o  CVE-2020-14303:
      The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
      further requests once it receives an empty (zero-length) UDP packet to
      port 137.

   For more details, please refer to the security advisories.

   Changes since 4.12.3
   --------------------
      * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
        several seconds of CPU each.
      * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
        and VLV combined.
      * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
        server with paged_result or VLV.
      * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
        AD DC nbt_server.
      * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
        and VLV combined, ldb: Bump version to 2.1.4.
