Add security advisories and update sec page.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

diff --git a/history/security.html b/history/security.html
index 44c33cc95e262d106f91bd7efeee2040ebf411cb..79958eadf19bb956023c994697fe624e70fd3396 100755 (executable)
--- a/history/security.html
+++ b/history/security.html
@@ -21,6 +21,25 @@ link to full release notes for each release.</p>
        <td><em>Details</em></td>
       </tr>
 
+    <tr>
+       <td>21 Nov 2017</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.7.2-security-2017-11-21.patch">
+       patch for Samba 4.7.2</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.6.10-security-2017-11-21.patch">
+       patch for Samba 4.6.10</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.5.14-security-2017-11-21.patch">
+       patch for Samba 4.5.14</a><br />
+       <td>Numerous CVEs. Please see the announcements for details.
+       </td>
+       <td>please refer to the advisories</td>
+       <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746">CVE-2017-14746</a>, 
+           <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275">CVE-2017-15275</a>
+       </td>
+       <td><a href="/samba/security/CVE-2017-14746.html">Announcement</a>, 
+           <a href="/samba/security/CVE-2017-15275.html">Announcement</a>
+       </td>
+    </tr>
+
     <tr>
        <td>20 Sep 2017</td>
        <td><a href="/samba/ftp/patches/security/samba-4.6.7-security-2017-09-20.patch">

diff --git a/security/CVE-2017-14746.html b/security/CVE-2017-14746.html
new file mode 100644 (file)
index 0000000..57e92ea
--- /dev/null
+++ b/security/CVE-2017-14746.html
@@ -0,0 +1,71 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2017-14746.html:</H2>
+
+<p>
+<pre>
+====================================================================
+== Subject:     Use-after-free vulnerability.
+==
+== CVE ID#:     CVE-2017-14746
+==
+== Versions:    All versions of Samba from 4.0.0 onwards.
+==
+== Summary:     A client may use an SMB1 request to manipulate
+==              the contents of heap space.
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+free vulnerability, where a malicious SMB1 request can be used to
+control the contents of heap memory via a deallocated heap pointer. It
+is possible this may be used to compromise the SMB server.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 4.7.3, 4.6.11 and 4.5.15 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions are available at http://samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+Prevent SMB1 access to the server by setting the parameter:
+
+server min protocol = SMB2
+
+to the [global] section of your smb.conf and restart smbd. This
+prevents and SMB1 access to the server. Note this could cause older
+clients to be unable to connect to the server.
+
+=======
+Credits
+=======
+
+This problem was found by Yihan Lian and Zhibin Hu of Qihoo 360
+GearTeam. Jeremy Allison of Google and the Samba Team provided the
+fix.
+</pre>
+</body>
+</html>

diff --git a/security/CVE-2017-15275.html b/security/CVE-2017-15275.html
new file mode 100644 (file)
index 0000000..7f70669
--- /dev/null
+++ b/security/CVE-2017-15275.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2017-15275.html:</H2>
+
+<p>
+<pre>
+====================================================================
+== Subject:     Server heap memory information leak.
+==
+== CVE ID#:     CVE-2017-15275
+==
+== Versions:    All versions of Samba from 3.6.0 onwards.
+==
+== Summary:     The server may return the contents of heap
+==             allocated memory to the client.
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+memory information leak, where server allocated heap memory may be
+returned to the client without being cleared.
+
+There is no known vulnerability associated with this error, but
+uncleared heap memory may contain previously used data that may help
+an attacker compromise the server via other methods. Uncleared heap
+memory may potentially contain password hashes or other high-value
+data.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 4.7.3, 4.6.11 and 4.5.15 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions are available at http://samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+None.
+
+=======
+Credits
+=======
+
+This problem was found by Volker Lendecke of SerNet and the Samba
+Team. Jeremy Allison of Google and the Samba Team provided the fix.
+</pre>
+</body>
+</html>