| Summary: | samba, ldb new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, bgmilne, davidwhodgins, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | ldb-2.6.1-1.mga9.src.rpm, samba-4.17.5-2.mga9.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 31346 | ||
|
Description
David Walser
2023-03-30 20:17:56 CEST
David Walser
2023-03-30 20:18:16 CEST
Whiteboard: (none) => MGA8TOO

SUSE has issued an advisory for this on March 29:
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014245.html

The CVE-2023-0614 fix is in ldb.

Summary:
samba new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614 => samba, ldb new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614

I have uploaded ldb-2.5.3 and samba-4.16.10 for MGA8 to updates_testing

RPMS:

From ldb-2.5.3-1.mga8.src.rpm:
ldb-debuginfo-2.5.3-1.mga8.x86_64.rpm
ldb-debugsource-2.5.3-1.mga8.x86_64.rpm
ldb-utils-2.5.3-1.mga8.x86_64.rpm
ldb-utils-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64ldb2-2.5.3-1.mga8.x86_64.rpm
lib64ldb2-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64ldb-devel-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util2-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util2-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util-devel-2.5.3-1.mga8.x86_64.rpm
python3-ldb-2.5.3-1.mga8.x86_64.rpm
python3-ldb-debuginfo-2.5.3-1.mga8.x86_64.rpm

From samba-4.16.10-1.mga8.src.rpm:
ctdb-4.16.10-1.mga8.x86_64.rpm
ctdb-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba1-4.16.10-1.mga8.x86_64.rpm
lib64samba1-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba-dc0-4.16.10-1.mga8.x86_64.rpm
lib64samba-dc0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba-devel-4.16.10-1.mga8.x86_64.rpm
lib64samba-test0-4.16.10-1.mga8.x86_64.rpm
lib64samba-test0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64smbclient0-4.16.10-1.mga8.x86_64.rpm
lib64smbclient0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64smbclient-devel-4.16.10-1.mga8.x86_64.rpm
lib64wbclient0-4.16.10-1.mga8.x86_64.rpm
lib64wbclient0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64wbclient-devel-4.16.10-1.mga8.x86_64.rpm
python3-samba-4.16.10-1.mga8.x86_64.rpm
python3-samba-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-4.16.10-1.mga8.x86_64.rpm
samba-client-4.16.10-1.mga8.x86_64.rpm
samba-client-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-common-4.16.10-1.mga8.x86_64.rpm
samba-common-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-dc-4.16.10-1.mga8.x86_64.rpm
samba-dc-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-debugsource-4.16.10-1.mga8.x86_64.rpm
samba-krb5-printing-4.16.10-1.mga8.x86_64.rpm
samba-krb5-printing-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-test-4.16.10-1.mga8.x86_64.rpm
samba-test-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-4.16.10-1.mga8.x86_64.rpm
samba-winbind-clients-4.16.10-1.mga8.x86_64.rpm
samba-winbind-clients-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-4.16.10-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-modules-4.16.10-1.mga8.x86_64.rpm
samba-winbind-modules-debuginfo-4.16.10-1.mga8.x86_64.rpm

Updates for cauldron are in progress.

Assignee:
bgmilne => qa-bugs

ldb-2.6.2-1.mga9 and samba-4.17.7-1.mga9 pending freeze move for Cauldron.

Buchan, any news on the CVEs in Bug 31346?

Mageia 8 update:
libldb2-2.5.3-1.mga8
ldb-utils-2.5.3-1.mga8
python3-ldb-2.5.3-1.mga8
libldb-devel-2.5.3-1.mga8
libpyldb-util-devel-2.5.3-1.mga8
libpyldb-util2-2.5.3-1.mga8
libsamba1-4.16.10-1.mga8
python3-samba-4.16.10-1.mga8
samba-dc-4.16.10-1.mga8
samba-test-4.16.10-1.mga8
ctdb-4.16.10-1.mga8
samba-4.16.10-1.mga8
samba-client-4.16.10-1.mga8
libsamba-dc0-4.16.10-1.mga8
samba-common-4.16.10-1.mga8
libsamba-devel-4.16.10-1.mga8
samba-winbind-4.16.10-1.mga8
samba-winbind-modules-4.16.10-1.mga8
libsmbclient0-4.16.10-1.mga8
samba-winbind-clients-4.16.10-1.mga8
libsmbclient-devel-4.16.10-1.mga8
libwbclient0-4.16.10-1.mga8
libsamba-test0-4.16.10-1.mga8
libwbclient-devel-4.16.10-1.mga8
samba-krb5-printing-4.16.10-1.mga8
samba-winbind-krb5-locator-4.16.10-1.mga8

from SRPMS:
ldb-2.5.3-1.mga8.src.rpm
samba-4.16.10-1.mga8.src.rpm

Version:
Cauldron => 8

ldb-2.6.2-1.mga9 and samba-4.17.7-1.mga9 are in core/updates_testing for cauldron, due to version freeze. I have requested that they be moved to core/release.

MGA8-64 MATE on Acer Aspire 5253.
No installation issues with list from Comment 2.
Ref bug 29641 for testing
Made sure smb server is running

# systemctl start smb
# systemctl -l status smb
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2023-04-03 16:10:51 CEST; 14s ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 9343 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 3 (limit: 4364)
     Memory: 6.8M
        CPU: 396ms
     CGroup: /system.slice/smb.service
             ├─9343 /usr/sbin/smbd --foreground --no-process-group
             ├─9347 /usr/sbin/smbd --foreground --no-process-group
             └─9348 /usr/sbin/smbd --foreground --no-process-group

Apr 03 16:10:47 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon...
Apr 03 16:10:51 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon.

Configure in MCC basic smb shares and user.
Then as normal user, test connection to Samba server on my desktop PC:

$ smbclient //mach1/herman -U herman
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
Password for [TESTGROUP\herman]:
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
Try "help" to get a list of possible commands.
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
  . D 0 Mon Apr 3 08:55:28 2023
  .. D 0 Thu Aug 4 13:57:07 2022
  .dillo DH 0 Thu Nov 17 18:08:47 2022
  rpmbuild D 0 Sun Aug 16 11:16:34 2020
  idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010
  Watteeuw-2020-08-29-14-22-33.gramps N 678052 Sat Aug 29 14:22:37 2020
  kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015
  .audacity-data DH 0 Sat Jan 21 09:22:15 2023
  .qareporc H 123 Fri Feb 5 15:51:00 2021
  .gnucash DH 0 Sun Dec 29 11:33:23 2019
  ipv6.html N 22650 Tue Dec 29 12:35:25 2009
  CV muzikaal.odt N 11374 Sat May 28 09:04:16 2016
etc.......
  607542464 blocks of size 1024. 182832492 blocks available
smb: \> quit

Repeated same smbclient test from my desktop PC to this new server, with similar results.
So samba is OK for me.

CC:
(none) => herman.viaene

Freeze move has been done.

(In reply to David Walser from comment #3)
> Buchan, any news on the CVEs in Bug 31346?

Ping.

Validating.

Keywords: (none) => validated_update

(In reply to David Walser from comment #6)
> (In reply to David Walser from comment #3)
> > Buchan, any news on the CVEs in Bug 31346?
>
> Ping.

Ping Buchan...
Dave Hodgins
2023-04-06 20:55:32 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0127.html

Status:
ASSIGNED =>
RESOLVED |