Hi, I committed an update to samba-4.5.2 on -current earlier today. Below there's a diff to update to samba-4.5.3, a security update.
o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability). o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in trusted realms). o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege elevation). https://www.samba.org/samba/history/samba-4.5.3.html Index: Makefile =================================================================== RCS file: /d/cvs/ports/net/samba/Makefile,v retrieving revision 1.231 diff -u -p -r1.231 Makefile --- Makefile 19 Dec 2016 10:12:18 -0000 1.231 +++ Makefile 19 Dec 2016 10:12:32 -0000 @@ -1,6 +1,6 @@ # $OpenBSD: Makefile,v 1.231 2016/12/19 10:12:18 jca Exp $ -VERSION = 4.5.2 +VERSION = 4.5.3 DISTNAME = samba-${VERSION} COMMENT-main = SMB and CIFS client and server for UNIX Index: distinfo =================================================================== RCS file: /d/cvs/ports/net/samba/distinfo,v retrieving revision 1.55 diff -u -p -r1.55 distinfo --- distinfo 19 Dec 2016 10:12:18 -0000 1.55 +++ distinfo 19 Dec 2016 10:39:57 -0000 @@ -1,2 +1,2 @@ -SHA256 (samba-4.5.2.tar.gz) = kpfE2hou4s22UWFpm3AHvJSvs51GwlrNM/ZOZMa0OXo= -SIZE (samba-4.5.2.tar.gz) = 20944229 +SHA256 (samba-4.5.3.tar.gz) = 8G3EVKG7crIaMp4a11oUeViGQBZx7HQ51pprgkxJLso= +SIZE (samba-4.5.3.tar.gz) = 20946015 For -stable I plan to cook a diff later today / tomorrow, an update to 4.4.8 (since -stable is currently at 4.4.5). -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
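Review bot: the Makefile hunk changes only the VERSION line (4.5.2 to 4.5.3), and the mail does not say whether the libraries built by 4.5.3 were compared with those from 4.5.2. SHARED_LIBS sits outside the visible context, so please confirm in the submission that no library version bump is needed and that the port was built and its packaging checked with the new distfile.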
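Review bot: the distinfo hunk records a new SHA256 and SIZE for samba-4.5.3.tar.gz, but nothing in the mail says how that tarball was authenticated before the hash was taken. For a security release, state that the distfile was checked against upstream's published signature, so that the new SHA256 line pins a verified file rather than whatever was fetched.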