Bug 25644

Summary: samba new security issues CVE-2019-10218, CVE-2019-14833, CVE-2019-14847, CVE-2019-14861, CVE-2019-14870
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, bgmilne, brtians1, herman.viaene, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-32-OK MGA7-64-OK
Source RPM: samba-4.10.8-7.mga8.src.rpm CVE:
Status comment:

David Walser 2019-10-31 13:29:14 CET

Whiteboard: (none) => MGA7TOO

Comment 1 David Walser 2019-11-03 02:56:36 CET 
Ubuntu has issued an advisory for this on October 29:
https://usn.ubuntu.com/4167-1/

Severity: normal => major

Comment 2 David Walser 2019-12-10 12:06:16 CET 
Samba has issued advisories today (December 10):
https://www.samba.org/samba/security/CVE-2019-14861.html
https://www.samba.org/samba/security/CVE-2019-14870.html

The issues are fixed upstream in 4.10.11:
https://www.samba.org/samba/history/samba-4.10.11.html

Summary: samba new security issues CVE-2019-10218, CVE-2019-14833, CVE-2019-14847 => samba new security issues CVE-2019-10218, CVE-2019-14833, CVE-2019-14847, CVE-2019-14861, CVE-2019-14870

Comment 3 David Walser 2019-12-14 18:43:50 CET 
Ubuntu has issued an advisory for this on December 10:
https://usn.ubuntu.com/4217-1/
Comment 4 Buchan Milne 2019-12-14 21:14:42 CET 
For Mageia 7:

ldb 1.5.6 required for samba 4.10.11:
http://svnweb.mageia.org/packages?view=revision&revision=1467226

Once it has built, http://svnweb.mageia.org/packages?view=revision&revision=1467227 updates to samba 4.10.11

Status: NEW => ASSIGNED

Comment 5 Buchan Milne 2019-12-14 21:21:35 CET 
For cauldron:

ldb 1.5.6: commit 1467228 (building)

samba 4.10.11: commit 1467229

For Mageia 7, ldb completed, samba 4.10.11 is building.
Comment 6 Buchan Milne 2019-12-14 21:39:22 CET 
For Mageia 7, samba 4.10.11 has built successfully for updates_testing, and should be available on mirrors soon.

Assignee: bgmilne => bugsquad
CC: (none) => bgmilne

Comment 7 David Walser 2019-12-15 15:55:24 CET 
Advisory still to come.  Package list below.

libldb1-1.5.6-1.mga7
ldb-utils-1.5.6-1.mga7
libldb-devel-1.5.6-1.mga7
python2-ldb-1.5.6-1.mga7
python3-ldb-1.5.6-1.mga7
libpyldb-util1-1.5.6-1.mga7
libpyldb-util-devel-1.5.6-1.mga7
samba-4.10.11-1.mga7
samba-client-4.10.11-1.mga7
samba-common-4.10.11-1.mga7
samba-dc-4.10.11-1.mga7
libsamba-dc0-4.10.11-1.mga7
libkdc-samba4_2-4.10.11-1.mga7
libheimntlm-samba4_1-4.10.11-1.mga7
libsamba-devel-4.10.11-1.mga7
samba-krb5-printing-4.10.11-1.mga7
libsamba1-4.10.11-1.mga7
libsmbclient0-4.10.11-1.mga7
libsmbclient-devel-4.10.11-1.mga7
libwbclient0-4.10.11-1.mga7
libwbclient-devel-4.10.11-1.mga7
python2-samba-4.10.11-1.mga7
python3-samba-4.10.11-1.mga7
samba-pidl-4.10.11-1.mga7
samba-test-4.10.11-1.mga7
libsamba-test0-4.10.11-1.mga7
samba-winbind-4.10.11-1.mga7
samba-winbind-clients-4.10.11-1.mga7
samba-winbind-krb5-locator-4.10.11-1.mga7
samba-winbind-modules-4.10.11-1.mga7
ctdb-4.10.11-1.mga7
ctdb-tests-4.10.11-1.mga7

from SRPMS:
ldb-1.5.6-1.mga7.src.rpm
samba-4.10.11-1.mga7.src.rpm

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Assignee: bugsquad => qa-bugs

Comment 8 Herman Viaene 2019-12-16 12:05:34 CET 
MGA7-64 Plasma on Lenovo B50
No installation issues.
Tried client connection to my own samba server:
$ smbclient  //mach1/herman -U herman
Unable to initialize messaging context
Enter MYGROUP\herman's password: 
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Mon Dec 16 12:01:53 2019
  ..                                  D        0  Mon Jul 30 10:45:43 2018
  Trash                               N        0  Sun Nov 24 09:43:13 2013
  Inschrijvingsformulier Nieuwe quiz.doc      N   542720  Sun Sep 16 14:18:36 2012
  idkaartherman.jpg                   N   235947  Thu Sep 23 17:27:46 2010
  kerst2015nedklein.ppsx              N  1514274  Fri Dec 25 20:05:05 2015
  .audacity-data                     DH        0  Tue Aug 27 14:17:57 2019
  .qareporc                           H      117  Wed Dec 11 17:23:13 2019
anda lot more ...... seems OK.
Will look for a server test later.

CC: (none) => herman.viaene

Comment 9 Herman Viaene 2019-12-16 17:18:03 CET 
Used MCC to setup a minimal Samba server, and did the same smbclient test from my desktop PC to this laptop: is OK.
More tests needed?
Comment 10 Brian Rockwell 2019-12-17 01:56:27 CET 
I had Samba on this server and upgraded it with the below.

- libheimntlm-samba4_1-4.10.11-1.mga7.i586
- libkdc-samba4_2-4.10.11-1.mga7.i586
- libsamba-dc0-4.10.11-1.mga7.i586
- libsamba1-4.10.11-1.mga7.i586
- libsmbclient0-4.10.11-1.mga7.i586
- libwbclient0-4.10.11-1.mga7.i586
- samba-4.10.11-1.mga7.i586
- samba-client-4.10.11-1.mga7.i586
- samba-common-4.10.11-1.mga7.i586

$ uname -a
Linux localhost 5.3.13-desktop-2.mga7 #1 SMP Mon Nov 25 23:03:36 UTC 2019 i686 i686 i386 GNU/Linux


REbooted the machine and confirmed I am able to connect and transfer files to the box.

This seems sufficient - approved as functional.

Whiteboard: (none) => MGA7-32-OK
CC: (none) => brtians1

Herman Viaene 2019-12-17 10:14:14 CET

Whiteboard: MGA7-32-OK => MGA7-32-OK MGA7-64-OK

Comment 11 Thomas Andrews 2019-12-17 17:56:42 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-12-19 13:19:16 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 12 Mageia Robot 2019-12-19 14:45:51 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0397.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED