Bug 15347

Summary:	samba new security issue CVE-2015-0240
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	critical
Priority:	Normal	CC:	sysadmin-bugs
Version:	4	Keywords:	validated_update
Target Milestone:	---
Hardware:	i586
OS:	Linux
URL:	http://lwn.net/Vulnerabilities/634433/
Whiteboard:	has_procedure advisory mga4-32-ok mga4-64-ok
Source RPM:	samba-3.6.24-1.1.mga4.src.rpm	CVE:
Status comment:

Description David Walser 2015-02-23 19:45:55 CET

RedHat has issued an advisory today (February 23):
https://rhn.redhat.com/errata/RHSA-2015-0251.html

Updated package uploaded for Mageia 4.

Freeze push requested for Cauldron.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A
malicious Samba client could send specially crafted netlogon packets that,
when processed by smbd, could potentially lead to arbitrary code execution
with the privileges of the user running smbd (by default, the root user)
(CVE-2015-0240).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
https://rhn.redhat.com/errata/RHSA-2015-0251.html
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.25-1.mga4
samba-client-3.6.25-1.mga4
samba-common-3.6.25-1.mga4
samba-doc-3.6.25-1.mga4
samba-swat-3.6.25-1.mga4
samba-winbind-3.6.25-1.mga4
nss_wins-3.6.25-1.mga4
libsmbclient0-3.6.25-1.mga4
libsmbclient0-devel-3.6.25-1.mga4
libsmbclient0-static-devel-3.6.25-1.mga4
libnetapi0-3.6.25-1.mga4
libnetapi-devel-3.6.25-1.mga4
libsmbsharemodes0-3.6.25-1.mga4
libsmbsharemodes-devel-3.6.25-1.mga4
libwbclient0-3.6.25-1.mga4
libwbclient-devel-3.6.25-1.mga4
samba-virusfilter-clamav-3.6.25-1.mga4
samba-virusfilter-fsecure-3.6.25-1.mga4
samba-virusfilter-sophos-3.6.25-1.mga4
samba-domainjoin-gui-3.6.25-1.mga4

from samba-3.6.25-1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:

Comment 1 claire robinson 2015-02-24 14:02:56 CET

Procedure: https://bugs.mageia.org/show_bug.cgi?id=10926#c7 and following comments.

Whiteboard: (none) => has_procedure

David Walser 2015-02-24 18:38:00 CET

URL: (none) => http://lwn.net/Vulnerabilities/634433/

Comment 2 David Walser 2015-02-24 19:15:26 CET

This is a critical update that we need to get released like the other distros have done.  Ideally it would have been done yesterday.  Apparently it's received some press attention according to Claire (I've been busy all week so I haven't seen it yet).  I think we need to trust that the upstream fixes are OK and just check that the packages install fine.  I can confirm that they do on Mageia 4 i586.

Comment 3 claire robinson 2015-02-24 21:38:47 CET

Testing complete mga4 64

Configured a test share and connected to it from mga4 32

Whiteboard: has_procedure => has_procedure mga4-32-ok mga4-64-ok

Comment 4 claire robinson 2015-02-24 22:09:48 CET

Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2015-02-24 22:20:48 CET

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0084.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED