| Summary: | samba new security issues CVE-2022-2031 and CVE-2022-3274[2456] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, bgmilne, davidwhodgins, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | samba-4.14.12-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2022-07-27 18:08:52 CEST
David Walser
2022-07-27 18:09:25 CEST
Status comment:
(none) =>
Fixed upstream in 4.14.14
Buchan Milne
2022-07-27 18:16:51 CEST
Status:
NEW =>
ASSIGNED

openSUSE has issued an advisory for this today (July 29):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CKTUJ63ZYTQNYFNRWGXIE3KBEFGJXGJL/

Updates submitted for Mageia 8 by Buchan. BTW, Cauldron still needs to be updated to 4.16.4.

libldb2-2.3.4-1.mga8
ldb-utils-2.3.4-1.mga8
python3-ldb-2.3.4-1.mga8
libldb-devel-2.3.4-1.mga8
libpyldb-util2-2.3.4-1.mga8
libpyldb-util-devel-2.3.4-1.mga8
libsamba1-4.14.14-1.mga8
python3-samba-4.14.14-1.mga8
samba-dc-4.14.14-1.mga8
samba-test-4.14.14-1.mga8
ctdb-4.14.14-1.mga8
samba-4.14.14-1.mga8
samba-client-4.14.14-1.mga8
libsamba-dc0-4.14.14-1.mga8
samba-winbind-4.14.14-1.mga8
samba-common-4.14.14-1.mga8
libkdc-samba4_2-4.14.14-1.mga8
libsmbclient0-4.14.14-1.mga8
samba-winbind-clients-4.14.14-1.mga8
samba-winbind-modules-4.14.14-1.mga8
libsamba-devel-4.14.14-1.mga8
libsmbclient-devel-4.14.14-1.mga8
libwbclient0-4.14.14-1.mga8
libsamba-test0-4.14.14-1.mga8
libwbclient-devel-4.14.14-1.mga8
libheimntlm-samba4_1-4.14.14-1.mga8
samba-winbind-krb5-locator-4.14.14-1.mga8
samba-krb5-printing-4.14.14-1.mga8

from SRPMS:
ldb-2.3.4-1.mga8.src.rpm
samba-4.14.14-1.mga8.src.rpm

CC:
(none) =>
bgmilne

sssd still needs to be rebuilt since ldb was updated.

Assignee:
qa-bugs =>
bgmilne

I've submitted the following:

* ldb-2.3.4-1.mga8
  http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132123.buchan.duvel.2598077/ldb-2.3.4-1.mga8/
* samba-4.14.14-1.mga8
  http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132825.buchan.duvel.2622774/samba-4.14.14-1.mga8/
* sssd-2.4.0-1.4.mga8 (currently still building)
  http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730165215.buchan.duvel.3432169/sssd-2.4.0-1.4.mga8/

Packages so far: (why does the bs write packages.* files only for arm?)

* ldb
$ curl -s http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132123.buchan.duvel.2598077/ldb-2.3.4-1.mga8/build.x86_64.0.20220730132204.log|awk -F'(: |/)' '/^Wrote/ {print $8}'|grep -Ev -- '-debug(info|source)-'|sort
ldb-utils-2.3.4-1.mga8.x86_64.rpm
lib64ldb2-2.3.4-1.mga8.x86_64.rpm
lib64ldb-devel-2.3.4-1.mga8.x86_64.rpm
lib64pyldb-util2-2.3.4-1.mga8.x86_64.rpm
lib64pyldb-util-devel-2.3.4-1.mga8.x86_64.rpm
python3-ldb-2.3.4-1.mga8.x86_64.rpm

* samba
$ curl -s http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132825.buchan.duvel.2622774/samba-4.14.14-1.mga8/build.x86_64.0.20220730133455.log|awk -F'(: |/)' '/^Wrote/ {print $8}'|grep -Ev -- '-debug(info|source)-'|sort
ctdb-4.14.14-1.mga8.x86_64.rpm
lib64heimntlm-samba4_1-4.14.14-1.mga8.x86_64.rpm
lib64kdc-samba4_2-4.14.14-1.mga8.x86_64.rpm
lib64samba1-4.14.14-1.mga8.x86_64.rpm
lib64samba-dc0-4.14.14-1.mga8.x86_64.rpm
lib64samba-devel-4.14.14-1.mga8.x86_64.rpm
lib64samba-test0-4.14.14-1.mga8.x86_64.rpm
lib64smbclient0-4.14.14-1.mga8.x86_64.rpm
lib64smbclient-devel-4.14.14-1.mga8.x86_64.rpm
lib64wbclient0-4.14.14-1.mga8.x86_64.rpm
lib64wbclient-devel-4.14.14-1.mga8.x86_64.rpm
python3-samba-4.14.14-1.mga8.x86_64.rpm
samba-4.14.14-1.mga8.x86_64.rpm
samba-client-4.14.14-1.mga8.x86_64.rpm
samba-common-4.14.14-1.mga8.x86_64.rpm
samba-dc-4.14.14-1.mga8.x86_64.rpm
samba-krb5-printing-4.14.14-1.mga8.x86_64.rpm
samba-test-4.14.14-1.mga8.x86_64.rpm
samba-winbind-4.14.14-1.mga8.x86_64.rpm
samba-winbind-clients-4.14.14-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-4.14.14-1.mga8.x86_64.rpm
samba-winbind-modules-4.14.14-1.mga8.x86_64.rpm

* sssd
(Determine these from http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730165215.buchan.duvel.3432169/sssd-2.4.0-1.4.mga8/ when the i586/x86_64 builds are done)

Thanks Buchan. Don't forget to update Cauldron.

sssd package list:

sssd-ipa-2.4.0-1.4.mga8
sssd-common-2.4.0-1.4.mga8
libsss_idmap-devel-2.4.0-1.4.mga8
libsss_simpleifp-devel-2.4.0-1.4.mga8
libipa_hbac-devel-2.4.0-1.4.mga8
sssd-tools-2.4.0-1.4.mga8
sssd-ad-2.4.0-1.4.mga8
libsss_certmap-devel-2.4.0-1.4.mga8
sssd-kcm-2.4.0-1.4.mga8
libsss_nss_idmap-devel-2.4.0-1.4.mga8
sssd-dbus-2.4.0-1.4.mga8
sssd-krb5-common-2.4.0-1.4.mga8
python3-sssdconfig-2.4.0-1.4.mga8
sssd-common-pac-2.4.0-1.4.mga8
sssd-client-2.4.0-1.4.mga8
sssd-ldap-2.4.0-1.4.mga8
sssd-proxy-2.4.0-1.4.mga8
libsss_certmap-2.4.0-1.4.mga8
sssd-krb5-2.4.0-1.4.mga8
libsss_nss_idmap-2.4.0-1.4.mga8
libsss_idmap-2.4.0-1.4.mga8
libsss_autofs-2.4.0-1.4.mga8
libipa_hbac-2.4.0-1.4.mga8
python3-sss-2.4.0-1.4.mga8
sssd-2.4.0-1.4.mga8
libsss_sudo-2.4.0-1.4.mga8
sssd-nfs-idmap-2.4.0-1.4.mga8
python3-libipa_hbac-2.4.0-1.4.mga8
libsss_simpleifp-2.4.0-1.4.mga8
python3-libsss_nss_idmap-2.4.0-1.4.mga8
sssd-winbind-idmap-2.4.0-1.4.mga8
python3-sss-murmur-2.4.0-1.4.mga8

from sssd-2.4.0-1.4.mga8.src.rpm

Assignee:
bgmilne =>
qa-bugs

> Don't forget to update Cauldron.
sssd-2.6.3-7.mga9 buchan 48 seconds ago cauldron core/release building
samba-4.16.4-1.mga9 buchan 22 minutes ago cauldron core/release partial
ldb-2.5.2-1.mga9 buchan 3 hours ago cauldron core/release uploaded 2 minutes

Ubuntu has issued an advisory for this today (August 1):
https://ubuntu.com/security/notices/USN-5542-1

The ldb update in this bug also fixes CVE-2021-3670.

MGA8-64 Plasma on Acer Aspire 5253
No installation issues
# systemctl start smb
[root@mach7 ~]# systemctl -l status smb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2022-08-04 16:02:07 CEST; 9s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 24374 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 4 (limit: 4364)
Memory: 9.0M
CPU: 469ms
CGroup: /system.slice/smb.service
├─24374 /usr/sbin/smbd --foreground --no-process-group
├─24377 /usr/sbin/smbd --foreground --no-process-group
├─24378 /usr/sbin/smbd --foreground --no-process-group
└─24379 /usr/sbin/smbd --foreground --no-process-group
Aug 04 16:02:05 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon...
Aug 04 16:02:07 mach7.hviaene.thuis smbd[24374]: [2022/08/04 16:02:07.926481, 0] ../../lib/util/become_daemon.c:135(daemon_ready)
Aug 04 16:02:07 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon.
Aug 04 16:02:07 mach7.hviaene.thuis smbd[24374]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
Setup server in MCC.
Test connection to smb on my desktop PC
$ smbclient //mach1/herman -U herman
Enter TESTGROUP\herman's password:
Try "help" to get a list of possible commands.
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
. D 0 Thu Aug 4 13:58:37 2022
.. D 0 Thu Aug 4 13:57:07 2022
Viaene-2021-04-18-09-52-04.gramps N 513054 Sun Apr 18 09:52:04 2021
Viaene-2020-08-07-17-48-13.gramps N 509508 Fri Aug 7 17:48:17 2020
rpmbuild D 0 Sun Aug 16 11:16:34 2020
idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010
Watteeuw-2020-08-29-14-22-33.gramps N 678052 Sat Aug 29 14:22:37 2020
kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015
etc ...........
Repeated same smbclient test from my desktop PC to this new server, with similar results.
So samba is OK for me.

CC:
(none) =>
herman.viaene

Debian has issued an advisory for this on August 11:
https://www.debian.org/security/2022/dsa-5205

(In reply to David Walser from comment #7)
> Ubuntu has issued an advisory for this today (August 1):
> https://ubuntu.com/security/notices/USN-5542-1
>
> The ldb update in this bug also fixes CVE-2021-3670.

and the CVE-2022-32745 fix is apparently part of ldb:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2RORIRLFLRNQOCVXQU4V3RLZ5C2G75L2/

No one else since Aug. 4, then I'll OK the update.

Whiteboard:
(none) =>
MGA8-64-OK

Validating.

Keywords:
(none) =>
validated_update
Dave Hodgins
2022-08-24 23:24:15 CEST
Keywords:
(none) =>
advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0299.html

Status:
ASSIGNED =>
RESOLVED

*** Bug 30407 has been marked as a duplicate of this bug. ***

The CVE-2022-32746 fix in this update was also in ldb:
https://access.redhat.com/errata/RHSA-2022:7730

Also, CVE-2021-3670 (Bug 30407) was also fixed in this update, per Comment 7.

Status:
RESOLVED =>
UNCONFIRMED

Reclosing as this update has already been pushed.

Status:
UNCONFIRMED =>
RESOLVED |