| Summary: | samba new security issues CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Buchan Milne <bgmilne> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | samba-4.16.10-1.mga8.src.rpm | CVE: | |
| Status comment: | | | |

Description
Buchan Milne
2023-08-01 21:24:40 CEST
Jani Välimaa
2023-08-02 09:46:46 CEST
QA Contact: (none) => security

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Ref bugs 31735 and 29641 for testing
Made sure smb server is running
# systemctl start smb
# systemctl -l status smb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2023-08-02 13:10:35 CEST; 15s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 11467 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 3 (limit: 4364)
Memory: 7.4M
CPU: 421ms
CGroup: /system.slice/smb.service
├─11467 /usr/sbin/smbd --foreground --no-process-group
├─11470 /usr/sbin/smbd --foreground --no-process-group
└─11471 /usr/sbin/smbd --foreground --no-process-group
Aug 02 13:10:33 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon...
Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: [2023/08/02 13:10:33.765568, 0] ../../source3/smbd/server.c:1741>
Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: smbd version 4.16.11 started.
Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: Copyright Andrew Tridgell and the Samba Team 1992-2022
Aug 02 13:10:35 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon.
Configure in MCC basic smb shares and user.
Then as normal user, test connection to Samba server on my desktop PC:
$ smbclient //mach1/herman -U herman
Password for [MYGROUP\herman]:
Try "help" to get a list of possible commands.
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
. D 0 Wed Aug 2 09:34:37 2023
.. D 0 Thu Aug 4 13:57:07 2022
.dillo DH 0 Thu Nov 17 18:08:47 2022
rpmbuild D 0 Sun Aug 16 11:16:34 2020
idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010
Watteeuw-2020-08-29-14-22-33.gramps N 678052 Sat Aug 29 14:22:37 2020
kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015
.audacity-data DH 0 Sat Jan 21 09:22:15 2023
.qareporc H 123 Fri Feb 5 15:51:00 2021
.gnucash DH 0 Sun Dec 29 11:33:23 2019
ipv6.html N 22650 Tue Dec 29 12:35:25 2009
CV muzikaal.odt N 11374 Sat May 28 09:04:16 2016
Picture1.jpg N 118784 Tue Dec 29 12:35:24 2009
atl.dll N 73785 Tue Dec 29 12:35:24 2009
IP-Masquerade-HOWTO-5.html N 22228 Tue Dec 29 12:35:24 2009
montage.pdf N 5889267 Fri Jan 10 09:31:57 2014
vis.mp3 N 160344 Tue Dec 29 12:35:25 2009
index.php N 72003 Tue Dec 29 12:35:25 2009
DATA D 0 Mon Jul 27 11:15:39 2020
.VirtualBox DH 0 Fri Jul 7 14:16:33 2023
oraInventory D 0 Sun May 13 17:16:34 2018
audacity2.0-herman D 0 Mon Jul 27 11:14:53 2020
etc......
smb: \> quit
Repeated same smbclient test from my desktop PC to this new server, with similar results.
So samba is OK for me.

CC: (none) => herman.viaene

Release notes for the fixed versions:
https://www.samba.org/samba/history/samba-4.16.11.html
https://www.samba.org/samba/history/samba-4.17.10.html
Note that CVE-2023-3347 only affects Cauldron.

Cauldron hasn't been updated (there's an update in testing but it hasn't been pushed to release).

Version: 8 => Cauldron

I suppose the version to be tested for M9 is 4.17.10 ?????
Same tests as in Comment 1 for 4.17.10
# systemctl start smb
# systemctl -l status smb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; preset: disabled)
Active: active (running) since Fri 2023-08-11 14:07:38 CEST; 20s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 43411 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 3 (limit: 4317)
Memory: 7.5M
CPU: 442ms
CGroup: /system.slice/smb.service
├─43411 /usr/sbin/smbd --foreground --no-process-group
├─43415 /usr/sbin/smbd --foreground --no-process-group
└─43416 /usr/sbin/smbd --foreground --no-process-group
Aug 11 14:07:33 mach7.hviaene.thuis systemd[1]: Starting smb.service...
Aug 11 14:07:37 mach7.hviaene.thuis smbd[43411]: [2023/08/11 14:07:37.740170, 0] ../../source3/smbd/server.c:1>
Aug 11 14:07:37 mach7.hviaene.thuis smbd[43411]: smbd version 4.17.10 started.
Aug 11 14:07:37 mach7.hviaene.thuis smbd[43411]: Copyright Andrew Tridgell and the Samba Team 1992-2022
Aug 11 14:07:38 mach7.hviaene.thuis systemd[1]: Started smb.service.
Then as normal user, test connection to Samba server on my desktop PC:
$ smbclient //mach1/herman -U herman
Password for [WORKGROUP\herman]:
Try "help" to get a list of possible commands.
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
. D 0 Fri Aug 11 08:38:30 2023
.. D 0 Thu Aug 4 13:57:07 2022
.dillo DH 0 Thu Nov 17 18:08:47 2022
rpmbuild D 0 Sun Aug 16 11:16:34 2020
idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010
Watteeuw-2020-08-29-14-22-33.gramps N 678052 Sat Aug 29 14:22:37 2020
kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015
.audacity-data DH 0 Sat Jan 21 09:22:15 2023
.qareporc H 123 Fri Feb 5 15:51:00 2021
.gnucash DH 0 Sun Dec 29 11:33:23 2019
ipv6.html N 22650 Tue Dec 29 12:35:25 2009
CV muzikaal.odt N 11374 Sat May 28 09:04:16 2016
Picture1.jpg N 118784 Tue Dec 29 12:35:24 2009
atl.dll N 73785 Tue Dec 29 12:35:24 2009
IP-Masquerade-HOWTO-5.html N 22228 Tue Dec 29 12:35:24 2009
montage.pdf N 5889267 Fri Jan 10 09:31:57 2014
vis.mp3 N 160344 Tue Dec 29 12:35:25 2009
index.php N 72003 Tue Dec 29 12:35:25 2009
DATA D 0 Mon Jul 27 11:15:39 2020
.VirtualBox DH 0 Fri Jul 7 14:16:33 2023
etc....
smb: \> quit
Repeated same smbclient test from my desktop PC to this new server, with similar results.
Samba OK for this version in M9.
Note: I didn't see 4.18.5 in Core/Updates/Testing

Whiteboard: MGA8TOO MGA9TOO MGA8-64-OK => MGA8TOO MGA9TOO MGA8-64-OK MGA9-64-OK

> I suppose the version to be tested for M9 is 4.17.10 ?????
Yes.
> Note: I didn't see 4.18.5 in Core/Updates/Testing
Cauldron has been in version freeze since 4.18.0 was released, so we won't upgrade to 4.18 (maybe 4.19?) until Cauldron re-opens.
Thank you for testing.

Status: NEW => ASSIGNED

Cauldron/mga9 packages moved to release

Version: Cauldron => 8

Thomas Backlund
2023-08-12 13:24:51 CEST
Whiteboard: MGA8TOO MGA9TOO MGA8-64-OK MGA9-64-OK => MGA8-64-OK

Validating.

Keywords: (none) => validated_update

Dave Hodgins
2023-08-20 21:06:20 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0247.html

Resolution: (none) => FIXED
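
A post-update check in the spirit of the QA runs above, added here as an example and not part of the bug report: it reads the "smbd version X started." line from the journal and compares the running daemon, rather than the installed package, against the fixed releases named in the thread (4.16.11 and 4.17.10). The function names and the sample journal text are constructed for illustration, and any branch the thread gives no fixed release for is reported as unknown.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.
# Fixed releases per branch are the two named in the thread; other branches
# (including 4.18) are reported as "unknown" because the thread does not give
# a fixed release for them.

# Sample journal text, constructed in the format shown in the thread.
SAMPLE_JOURNAL='Aug 01 09:00:00 host.example smbd[1000]: smbd version 4.16.10 started.
Aug 01 09:00:00 host.example smbd[1000]: Copyright Andrew Tridgell and the Samba Team 1992-2022'

fixed_patch_for() {            # branch (major.minor) -> minimum fixed patch level
  case "$1" in
    4.16) echo 11 ;;
    4.17) echo 10 ;;
    *) return 1 ;;
  esac
}

running_smbd_version() {       # stdin: journal text; stdout: last started version
  sed -n 's/.*smbd version \([0-9][0-9.]*\) started\..*/\1/p' | tail -n 1
}

check_smbd_version() {         # prints fixed|unpatched|unknown; returns 0|1|2
  ver=$1
  case "$ver" in
    ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 2 ;;
  esac
  branch=${ver%.*}
  patch=${ver##*.}
  need=$(fixed_patch_for "$branch") || { echo unknown; return 2; }
  if [ "$patch" -ge "$need" ]; then echo fixed; return 0; fi
  echo unpatched; return 1
}

verdict_from_journal() {       # stdin: journal text; prints "<version> <verdict>"
  v=$(running_smbd_version)
  [ -n "$v" ] || { echo "none unknown"; return 2; }
  rc=0
  verdict=$(check_smbd_version "$v") || rc=$?
  echo "$v $verdict"
  return "$rc"
}

# Usage on a live host: journalctl -u smb -b --no-pager | verdict_from_journal
```

An "unpatched" verdict right after installing the update usually means smbd has not been restarted since the package was replaced.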