From: "Timur I. Bakeyev"
Date: Wed, 2 Feb 2022 01:48:20 GMT
Message-Id: <202202020148.2121mKjY081921@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: a09995057a01 - main - security/vuxml: Add a note about recent Samba vulnerabilities.
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: timur
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a09995057a01693ec333095bc0ead96b6ba8c9e7

The branch main has been updated by timur:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=a09995057a01693ec333095bc0ead96b6ba8c9e7 commit a09995057a01693ec333095bc0ead96b6ba8c9e7 Author: Timur I. Bakeyev AuthorDate: 2022-02-02 01:45:38 +0000 Commit: Timur I. Bakeyev CommitDate: 2022-02-02 01:47:37 +0000 security/vuxml: Add a note about recent Samba vulnerabilities. CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 Security: CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 --- security/vuxml/vuln-2022.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index fea7a30aac6a..edcc775cb94b 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,53 @@ + + samba -- Multiple Vulnerabilities + + + samba413 + 4.13.17 + + + samba414 + 4.14.12 + + + samba415 + 4.15.5 + + + + +

The Samba Team reports:

+
+
    +
  • CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow + a directory to be created in an area of the server file system not + exported under the share definition.
  • +
  • CVE-2021-44141: Information leak via symlinks of existance of files + or directories outside of the exported share.
  • +
  • CVE-2021-44142: Out-of-bounds heap read/write vulnerability + in VFS module vfs_fruit allows code execution.
  • +
  • CVE-2022-0336: Samba AD users with permission to write to + an account can impersonate arbitrary services.
  • +
+
+ +
+ + CVE-2021-43566 + CVE-2021-44141 + CVE-2021-44142 + CVE-2022-0336 + https://www.samba.org/samba/security/CVE-2021-43566.html + https://www.samba.org/samba/security/CVE-2021-44141.html + https://www.samba.org/samba/security/CVE-2021-44142.html + https://www.samba.org/samba/security/CVE-2022-0336.html + + + 2022-01-31 + 2022-02-01 + +
+ Rust -- Race condition enabling symlink following
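
Review bot: The package list gives one bound per branch (samba413 4.13.17, samba414 4.14.12, samba415 4.15.5) and applies it to all four CVEs, although the quoted descriptions have different preconditions (an SMB1 or NFS race, the vfs_fruit module, Samba AD). Please confirm against the four referenced advisories that every CVE is fixed in exactly these releases on every branch; if any was fixed earlier or does not affect a branch, split the entry so the audit output stays accurate. In the CVE-2021-44141 item, "existance" should read "existence" unless the wording is being kept verbatim from the upstream report.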