| Summary: | samba new security issues CVE-2014-0178, CVE-2014-0244, and CVE-2014-3493 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | geiger.david68210, sysadmin-bugs, tmb |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/603223/ | ||
| Whiteboard: | MGA3TOO has_procedure advisory MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK | ||
| Source RPM: | samba-3.6.23-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2014-06-23 15:37:17 CEST

David Walser
2014-06-23 15:37:23 CEST
Whiteboard: (none) => MGA3TOO

Debian has issued an advisory for this today (June 23):
https://www.debian.org/security/2014/dsa-2966

They also patched CVE-2014-0178, which upstream failed to fix in 3.6.x.

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
http://www.samba.org/samba/security/CVE-2014-0244
http://www.samba.org/samba/security/CVE-2014-3493
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.15-1.6.mga3
samba-client-3.6.15-1.6.mga3
samba-common-3.6.15-1.6.mga3
samba-doc-3.6.15-1.6.mga3
samba-swat-3.6.15-1.6.mga3
samba-winbind-3.6.15-1.6.mga3
nss_wins-3.6.15-1.6.mga3
libsmbclient0-3.6.15-1.6.mga3
libsmbclient0-devel-3.6.15-1.6.mga3
libsmbclient0-static-devel-3.6.15-1.6.mga3
libnetapi0-3.6.15-1.6.mga3
libnetapi-devel-3.6.15-1.6.mga3
libsmbsharemodes0-3.6.15-1.6.mga3
libsmbsharemodes-devel-3.6.15-1.6.mga3
libwbclient0-3.6.15-1.6.mga3
libwbclient-devel-3.6.15-1.6.mga3
samba-virusfilter-clamav-3.6.15-1.6.mga3
samba-virusfilter-fsecure-3.6.15-1.6.mga3
samba-virusfilter-sophos-3.6.15-1.6.mga3
samba-domainjoin-gui-3.6.15-1.6.mga3

samba-server-3.6.24-1.1.mga4
samba-client-3.6.24-1.1.mga4
samba-common-3.6.24-1.1.mga4
samba-doc-3.6.24-1.1.mga4
samba-swat-3.6.24-1.1.mga4
samba-winbind-3.6.24-1.1.mga4
nss_wins-3.6.24-1.1.mga4
libsmbclient0-3.6.24-1.1.mga4
libsmbclient0-devel-3.6.24-1.1.mga4
libsmbclient0-static-devel-3.6.24-1.1.mga4
libnetapi0-3.6.24-1.1.mga4
libnetapi-devel-3.6.24-1.1.mga4
libsmbsharemodes0-3.6.24-1.1.mga4
libsmbsharemodes-devel-3.6.24-1.1.mga4
libwbclient0-3.6.24-1.1.mga4
libwbclient-devel-3.6.24-1.1.mga4
samba-virusfilter-clamav-3.6.24-1.1.mga4
samba-virusfilter-fsecure-3.6.24-1.1.mga4
samba-virusfilter-sophos-3.6.24-1.1.mga4
samba-domainjoin-gui-3.6.24-1.1.mga4

from SRPMS:
samba-3.6.15-1.6.mga3.src.rpm
samba-3.6.24-1.1.mga4.src.rpm

Summary: samba new security issues CVE-2014-0244 and CVE-2014-3493 => samba new security issues CVE-2014-0178, CVE-2014-0244, and CVE-2014-3493

Oops, forgot to add one URL to the advisory.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
http://www.samba.org/samba/security/CVE-2014-0178
http://www.samba.org/samba/security/CVE-2014-0244
http://www.samba.org/samba/security/CVE-2014-3493

Oops, also forgot the Debian advisory. Really done this time.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
http://www.samba.org/samba/security/CVE-2014-0178
http://www.samba.org/samba/security/CVE-2014-0244
http://www.samba.org/samba/security/CVE-2014-3493
https://www.debian.org/security/2014/dsa-2966
David Walser
2014-06-23 19:20:13 CEST
URL: (none) => http://lwn.net/Vulnerabilities/603223/

Procedure: https://bugs.mageia.org/show_bug.cgi?id=10926#c7 and following comments.

Whiteboard: MGA3TOO => MGA3TOO has_procedure

Tested mga4_64. Testing complete for samba-3.6.24-1.1.mga4. OK for me, nothing to report, and it seems to work properly.
- Test on my local shared group "MGAGROUP" with 3 Mga PC and 2 Windows PC.
- Test on MCC too.

samba-winbind-3.6.24-1.1.mga4
samba-server-3.6.24-1.1.mga4
samba-common-3.6.24-1.1.mga4
samba-doc-3.6.24-1.1.mga4
samba-swat-3.6.24-1.1.mga4
samba-client-3.6.24-1.1.mga4
lib64smbsharemodes0-3.6.24-1.1.mga4
lib64smbclient0-3.6.24-1.1.mga4

CC: (none) => geiger.david68210

Tested mga4_32. Testing complete for samba-3.6.24-1.1.mga4. OK for me, nothing to report, and it seems to work properly too.
- Test on my local shared group "MGAGROUP" with 3 Mga PC and 2 Windows PC.
- Test on MCC too.

samba-doc-3.6.24-1.1.mga4
samba-server-3.6.24-1.1.mga4
samba-client-3.6.24-1.1.mga4
samba-common-3.6.24-1.1.mga4
samba-winbind-3.6.24-1.1.mga4
samba-swat-3.6.24-1.1.mga4
libsmbsharemodes0-3.6.24-1.1.mga4
libsmbclient0-3.6.24-1.1.mga4

Whiteboard: MGA3TOO has_procedure MGA4-64-OK => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK

Tested mga3_64. Testing complete for samba-3.6.15-1.6.mga3. OK for me, nothing to report, and it seems to work properly too.
- Test on my local shared group "MGAGROUP" with 3 Mga PC and 2 Windows PC.
- Test on MCC too.

samba-common-3.6.15-1.6.mga3
samba-client-3.6.15-1.6.mga3
samba-doc-3.6.15-1.6.mga3
samba-winbind-3.6.15-1.6.mga3
samba-swat-3.6.15-1.6.mga3
samba-server-3.6.15-1.6.mga3
lib64smbclient0-3.6.15-1.6.mga3
lib64smbsharemodes0-3.6.15-1.6.mga3

Tested mga3_32. Testing complete for samba-3.6.15-1.6.mga3. OK for me, nothing to report, and it seems to work properly too.
- Test on my local shared group "MGAGROUP" with 3 Mga PC and 2 Windows PC.
- Test on MCC too.

samba-common-3.6.15-1.6.mga3
samba-client-3.6.15-1.6.mga3
samba-doc-3.6.15-1.6.mga3
samba-winbind-3.6.15-1.6.mga3
samba-swat-3.6.15-1.6.mga3
samba-server-3.6.15-1.6.mga3
lib64smbclient0-3.6.15-1.6.mga3
lib64smbsharemodes0-3.6.15-1.6.mga3

Whiteboard: MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK

Well done David. Validating. Advisory uploaded. Could a sysadmin please push to 3 & 4 updates? Thanks.

Keywords: (none) => validated_update

Update pushed: http://advisories.mageia.org/MGASA-2014-0279.html

Status: NEW => RESOLVED