| Summary: | ctdb new regression caused by CVE-2015-8543 fix in kernel | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, marja11, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/692179/ | | |
| Whiteboard: | advisory MGA5-64-OK | | |
| Source RPM: | ctdb-2.5.3-3.mga5.src.rpm, samba-4.4.4-2.mga6.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2016-06-22 01:11:37 CEST
(In reply to David Walser from comment #0)
> Debian has issued an advisory on March 3:
> https://www.debian.org/security/2016/dsa-3426
>
> They have patches to fix the issue.
>
> In Cauldron, ctdb is built from the samba SRPM. I don't know if that
> version is still affected by this issue. Mageia 5 at least should be.

Assigning to ctdb maintainer.

@ Shlomi

Is it possible for you to figure out whether samba in cauldron is affected, too?

CC: (none) => marja11

(In reply to Marja van Waes from comment #1)
> (In reply to David Walser from comment #0)
> > Debian has issued an advisory on March 3:
> > https://www.debian.org/security/2016/dsa-3426
> >
> > They have patches to fix the issue.
> >
> > In Cauldron, ctdb is built from the samba SRPM. I don't know if that
> > version is still affected by this issue. Mageia 5 at least should be.
>
> Assigning to ctdb maintainer.
>
> @ Shlomi
>
> Is it possible for you to figure out whether samba in cauldron is affected,
> too?

I'll try to.

Based on reading the description here - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813406 and studying the code then I don't think we are affected.

(In reply to Shlomi Fish from comment #3)
> Based on reading the description here -
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813406 and studying the
> code then I don't think we are affected.

Great, thanks :-)

So only Mageia 5 needs to be fixed

(In reply to Shlomi Fish from comment #3)
> Based on reading the description here -
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813406 and studying the
> code then I don't think we are affected.

Actually this line in system_linux.c looks a little suspicious in this respect:

463: s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));

But I'm not sure if we're affected.

Given the range of versions that Debian patched, I don't see how our Mageia 5 package wouldn't be affected. As for Cauldron, I would hope that a known issue like this would be fixed in the latest upstream Samba.

Hi all, I uploaded ctdb-2.5.3-3.1.mga5 to mga5's core/updates_testing with the patch. Assigning to QA for testing.

Status: NEW => ASSIGNED

Advisory:
========================

Updated ctdb package fixes security vulnerability:

The kernel fix for CVE-2015-8543 uncovered a bug in ctdb, leading to broken clusters. The ctdb package has been patched to fix this issue.

References:
https://www.debian.org/security/2016/dsa-3426

Dave Hodgins
2016-08-18 22:55:14 CEST
Keywords: (none) => validated_update

Just testing that the update installs cleanly

Whiteboard: advisory => advisory MGA5-64-OK

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0281.html

Status: ASSIGNED => RESOLVED