| Summary: | samba new security issues CVE-2023-3961, CVE-2023-4091 and CVE-2023-42669 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, bgmilne, marja11, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK MGA9-32-OK | | |
| Source RPM: | samba-4.17.10-1.mga9.src.rpm | CVE: | CVE-2023-3961, CVE-2023-4091, CVE-2023-42669 |
| Status comment: | Fixed upstream in 4.17.12 | | |
| Bug Depends on: | | | |
| Bug Blocks: | 28606 | | |

Description
Nicolas Salguero
2023-11-24 12:44:00 CET
Nicolas Salguero
2023-11-24 12:44:35 CET
Status comment:
(none) =>
Fixed upstream in 4.17.12

(In reply to Nicolas Salguero from comment #0)
> The problem is fixed in 2.17.12 and 2.19.1. Cauldron has 2.19.2 so it is not
> affected.

I suspect you meant 4.17.12, 4.19.1, 4.19.2 (which is in Cauldron).

Assigning to Samba's carer Buchan.

Assignee:
bugsquad =>
bgmilne

samba-4.17.12-1.mga9 is currently building on the build system.

The resulting packages should be:

ctdb-4.17.12-1.mga9.x86_64.rpm
ctdb-debuginfo-4.17.12-1.mga9.x86_64.rpm
lib64samba1-4.17.12-1.mga9.x86_64.rpm
lib64samba1-debuginfo-4.17.12-1.mga9.x86_64.rpm
lib64samba-dc0-4.17.12-1.mga9.x86_64.rpm
lib64samba-dc0-debuginfo-4.17.12-1.mga9.x86_64.rpm
lib64samba-devel-4.17.12-1.mga9.x86_64.rpm
lib64samba-test0-4.17.12-1.mga9.x86_64.rpm
lib64samba-test0-debuginfo-4.17.12-1.mga9.x86_64.rpm
lib64smbclient0-4.17.12-1.mga9.x86_64.rpm
lib64smbclient0-debuginfo-4.17.12-1.mga9.x86_64.rpm
lib64smbclient-devel-4.17.12-1.mga9.x86_64.rpm
lib64wbclient0-4.17.12-1.mga9.x86_64.rpm
lib64wbclient0-debuginfo-4.17.12-1.mga9.x86_64.rpm
lib64wbclient-devel-4.17.12-1.mga9.x86_64.rpm
python3-samba-4.17.12-1.mga9.x86_64.rpm
python3-samba-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-4.17.12-1.mga9.x86_64.rpm
samba-client-4.17.12-1.mga9.x86_64.rpm
samba-client-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-common-4.17.12-1.mga9.x86_64.rpm
samba-common-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-dc-4.17.12-1.mga9.x86_64.rpm
samba-dc-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-debugsource-4.17.12-1.mga9.x86_64.rpm
samba-krb5-printing-4.17.12-1.mga9.x86_64.rpm
samba-krb5-printing-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-test-4.17.12-1.mga9.x86_64.rpm
samba-test-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-usershares-4.17.12-1.mga9.x86_64.rpm
samba-winbind-4.17.12-1.mga9.x86_64.rpm
samba-winbind-clients-4.17.12-1.mga9.x86_64.rpm
samba-winbind-clients-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-winbind-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-winbind-krb5-locator-4.17.12-1.mga9.x86_64.rpm
samba-winbind-krb5-locator-debuginfo-4.17.12-1.mga9.x86_64.rpm
samba-winbind-modules-4.17.12-1.mga9.x86_64.rpm
samba-winbind-modules-debuginfo-4.17.12-1.mga9.x86_64.rpm

Transferring to qa-team.

Besides the update, a Recommends for cifs-client was added in samba-client for https://bugs.mageia.org/show_bug.cgi?id=28606

CC:
(none) =>
bgmilne

Advisory with SRPM from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".

CVE:
(none) =>
CVE-2023-3961, CVE-2023-4091, CVE-2023-42669

Tested on Real Hardware Mageia 9 x86_64 lxqt

LC_ALL=C urpmi samba-client
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Release (Installer) (DVD1)")
keyutils 1.6.3 2.mga9 x86_64 (recommended)
(medium "QA Testing (64-bit)")
lib64samba-dc0 4.17.12 1.mga9 x86_64
lib64samba1 4.17.12 1.mga9 x86_64
lib64smbclient0 4.17.12 1.mga9 x86_64
lib64wbclient0 4.17.12 1.mga9 x86_64
samba-client 4.17.12 1.mga9 x86_64
samba-common 4.17.12 1.mga9 x86_64
samba-winbind 4.17.12 1.mga9 x86_64
samba-winbind-clients 4.17.12 1.mga9 x86_64
samba-winbind-modules 4.17.12 1.mga9 x86_64
(medium "Core Release")
cifs-utils 7.0 1.mga9 x86_64 (recommended)
2.8MB of additional disk space will be used.
8.9MB of packages will be retrieved.
Proceed with the installation of the 11 packages? (Y/n) y
https://mirrors.kernel.org/mageia/distrib/9/x86_64/media/core/release/cifs-utils-7.0-1.mga9.x86_64.rpm
installing //home/katnatek/qa-testing/x86_64/samba-winbind-4.17.12-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/samba-winbind-clients-4.17.12-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64smbclient0-4.17.12-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64samba1-4.17.12-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/samba-common-4.17.12-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64samba-dc0-4.17.12-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64wbclient0-4.17.12-1.mga9.x86_64.rpm
/mnt/MageiaDVD/x86_64/media/core/keyutils-1.6.3-2.mga9.x86_64.rpm
/var/cache/urpmi/rpms/cifs-utils-7.0-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/samba-client-4.17.12-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/samba-winbind-modules-4.17.12-1.mga9.x86_64.rpm
Preparing... ###########################################################################################
1/11: lib64samba-dc0 ###########################################################################################
2/11: samba-common ###########################################################################################
3/11: lib64wbclient0 ###########################################################################################
4/11: lib64samba1 ###########################################################################################
5/11: lib64smbclient0 ###########################################################################################
6/11: samba-winbind-modules ###########################################################################################
7/11: samba-winbind ###########################################################################################
8/11: keyutils ###########################################################################################
9/11: cifs-utils ###########################################################################################
10/11: samba-client ###########################################################################################
11/11: samba-winbind-clients ###########################################################################################
1/8: removing lib64smbclient0-4.17.10-1.mga9.x86_64
###########################################################################################
2/8: removing samba-winbind-clients-4.17.10-1.mga9.x86_64
###########################################################################################
3/8: removing samba-winbind-4.17.10-1.mga9.x86_64
###########################################################################################
4/8: removing samba-common-4.17.10-1.mga9.x86_64
###########################################################################################
5/8: removing samba-winbind-modules-4.17.10-1.mga9.x86_64
###########################################################################################
6/8: removing lib64samba-dc0-4.17.10-1.mga9.x86_64
###########################################################################################
7/8: removing lib64samba1-4.17.10-1.mga9.x86_64
###########################################################################################
8/8: removing lib64wbclient0-4.17.10-1.mga9.x86_64
###########################################################################################

keyutils and cifs-utils are installed as recommends, so this update fixes bug #28606.

I have to configure samba here and on my other machine to do more tests.

Testing on Real Hardware Mageia 9 i586

Package status before installing the testing packages:

LC_ALL=C rpm -q cifs-utils
package cifs-utils is not installed
LC_ALL=C rpm -qa|grep samba
vlc-plugin-samba-3.0.18-5.mga9
libsamba1-4.17.10-1.mga9
libsamba-dc0-4.17.10-1.mga9
samba-common-4.17.10-1.mga9
samba-winbind-modules-4.17.10-1.mga9
samba-winbind-4.17.10-1.mga9
samba-winbind-clients-4.17.10-1.mga9
samba-client-4.17.10-1.mga9

After updating to the testing packages:

LC_ALL=C rpm -q cifs-utils
cifs-utils-7.0-1.mga9
LC_ALL=C rpm -qa|grep samba
vlc-plugin-samba-3.0.18-5.mga9
samba-common-4.17.12-1.mga9
libsamba-dc0-4.17.12-1.mga9
libsamba1-4.17.12-1.mga9
samba-winbind-modules-4.17.12-1.mga9
samba-winbind-4.17.12-1.mga9
samba-client-4.17.12-1.mga9
samba-winbind-clients-4.17.12-1.mga9

I mounted a remote shared folder successfully:

mount.cifs //192.168.1.3/Descargas /mnt/Descargas -o guest

Whiteboard:
(none) =>
MGA9-64-OK,MGA9-32OK
katnatek
2023-12-04 22:33:07 CET
Whiteboard:
MGA9-64-OK,MGA9-32OK =>
MGA9-64-OK,MGA9-32-OK

Validating.

Keywords:
(none) =>
validated_update
David Walser
2023-12-05 00:45:03 CET
Whiteboard:
MGA9-64-OK,MGA9-32-OK =>
MGA9-64-OK MGA9-32-OK

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0340.html

Status:
NEW =>
RESOLVED
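
An added check, not part of the bug thread or of Mageia's tooling: it reads `NAME VERSION SOURCERPM` lines and lists packages built from the samba source RPM that are still below the fixed 4.17.12. Filtering on the source RPM rather than `grep samba` keeps unrelated packages such as vlc-plugin-samba out of the result; the function names and the sample inventory (including the vlc and cifs-utils source RPM names) are constructed for illustration.

```shell
#!/bin/sh
# Fixed upstream version, taken from the bug's "Status comment" field.
FIXED_VERSION="4.17.12"

# version_lt A B: succeeds when version A sorts strictly before B.
# Uses sort -V so that 4.17.9 < 4.17.12 (a plain string compare gets this wrong).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_samba: reads "NAME VERSION SOURCERPM" lines on stdin and prints
# NAME-VERSION for every package built from the samba SRPM below FIXED_VERSION.
unpatched_samba() {
    while read -r name version srpm; do
        case "$srpm" in
            samba-[0-9]*) ;;   # built from the samba source package
            *) continue ;;     # e.g. vlc-plugin-samba, built from another SRPM
        esac
        if version_lt "$version" "$FIXED_VERSION"; then
            printf '%s-%s\n' "$name" "$version"
        fi
    done
}

# Constructed sample inventory: a partially updated i586 system, using
# package names from the thread. Source RPM names other than samba's are assumed.
sample_inventory() {
    cat <<'EOF'
vlc-plugin-samba 3.0.18 vlc-3.0.18-5.mga9.src.rpm
libsamba1 4.17.10 samba-4.17.10-1.mga9.src.rpm
samba-common 4.17.12 samba-4.17.12-1.mga9.src.rpm
samba-client 4.17.10 samba-4.17.10-1.mga9.src.rpm
cifs-utils 7.0 cifs-utils-7.0-1.mga9.src.rpm
EOF
}

# On a live system, feed the function from rpm instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION} %{SOURCERPM}\n' | unpatched_samba
sample_inventory | unpatched_samba
```

An empty result means every installed package from the samba source RPM is at 4.17.12 or later.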