[Pkg-samba-maint] [samba] 01/02: Release 2:3.6.6-6+deb7u13, including CVE-2017-7494

Mathieu Parent sathieu at moszumanska.debian.org
Wed May 24 15:59:00 UTC 2017 

This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch wheezy
in repository samba.

commit f9f346307a947d78d4eb1162ec58a0000836094f
Author: Mathieu Parent <math.parent at gmail.com>
Date:   Sat May 20 23:19:48 2017 +0200

    Release 2:3.6.6-6+deb7u13, including CVE-2017-7494
---
 debian/changelog                              |  7 ++++++
 debian/patches/CVE-2017-7494-samba3.6.x.patch | 32 +++++++++++++++++++++++++++
 debian/patches/series                         |  1 +
 3 files changed, 40 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index db54c6b..3fb765e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+samba (2:3.6.6-6+deb7u13) wheezy-security; urgency=medium
+
+  * Non-maintainer upload by a now maintainer.
+  * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
+
+ -- Mathieu Parent <sathieu at debian.org>  Sat, 20 May 2017 23:19:09 +0200
+
 samba (2:3.6.6-6+deb7u12) wheezy-security; urgency=high
 
   * Non-maintainer upload by the LTS Team.
diff --git a/debian/patches/CVE-2017-7494-samba3.6.x.patch b/debian/patches/CVE-2017-7494-samba3.6.x.patch
new file mode 100644
index 0000000..3c1752d
--- /dev/null
+++ b/debian/patches/CVE-2017-7494-samba3.6.x.patch
@@ -0,0 +1,32 @@
+From c12670f75b6403aa0b7d7c02bd7af0d4f1160b9e Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl at samba.org>
+Date: Mon, 8 May 2017 21:40:40 +0200
+Subject: [PATCH 1/1] CVE-2017-7494: Refuse to open pipe names with / inside
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
+
+Signed-off-by: Volker Lendecke <vl at samba.org>
+Reviewed-by: Andreas Schneider <asn at samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index 251f899..7126865 100644
+--- source3/rpc_server/srv_pipe.c
++++ source3/rpc_server/srv_pipe.c
+@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
+ 		pipename += 1;
+ 	}
+ 
++	if (strchr(pipename, '/')) {
++		DEBUG(1,("Refusing open on pipe %s\n", pipename));
++		return false;
++	}
++
+ 	if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
+ 		DEBUG(10, ("refusing spoolss access\n"));
+ 		return false;
+2.9.3
+
+
diff --git a/debian/patches/series b/debian/patches/series
index 5774787..fd1a722 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -57,3 +57,4 @@ CVE-2017-2619-prerequisites.patch
 CVE-2017-2619-race-condition-fix.patch
 CVE-2017-2619-regression-bug-12721-fix.patch
 CVE-2017-2619-tests.patch
+CVE-2017-7494-samba3.6.x.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git

More information about the Pkg-samba-maint mailing list