Upstream has released version 3.6.20 on November 11, fixing a security issue:
http://www.samba.org/samba/history/samba-3.6.20.html

Patched packages uploaded for Mageia 2 and Mageia 3.

Freeze push requested to update the package in Cauldron.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

Samba versions before 3.6.20 do not check the underlying file or directory ACL when opening an alternate data stream (CVE-2013-4475).

Samba is not configured by default to support alternate data streams, so only servers that have enabled the streams_depot or streams_xattr VFS modules are affected.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
http://www.samba.org/samba/history/samba-3.6.20.html
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.5-2.4.mga2
samba-client-3.6.5-2.4.mga2
samba-common-3.6.5-2.4.mga2
samba-doc-3.6.5-2.4.mga2
samba-swat-3.6.5-2.4.mga2
samba-winbind-3.6.5-2.4.mga2
nss_wins-3.6.5-2.4.mga2
libsmbclient0-3.6.5-2.4.mga2
libsmbclient0-devel-3.6.5-2.4.mga2
libsmbclient0-static-devel-3.6.5-2.4.mga2
libnetapi0-3.6.5-2.4.mga2
libnetapi-devel-3.6.5-2.4.mga2
libsmbsharemodes0-3.6.5-2.4.mga2
libsmbsharemodes-devel-3.6.5-2.4.mga2
libwbclient0-3.6.5-2.4.mga2
libwbclient-devel-3.6.5-2.4.mga2
samba-virusfilter-clamav-3.6.5-2.4.mga2
samba-virusfilter-fsecure-3.6.5-2.4.mga2
samba-virusfilter-sophos-3.6.5-2.4.mga2
samba-domainjoin-gui-3.6.5-2.4.mga2
samba-server-3.6.15-1.2.mga3
samba-client-3.6.15-1.2.mga3
samba-common-3.6.15-1.2.mga3
samba-doc-3.6.15-1.2.mga3
samba-swat-3.6.15-1.2.mga3
samba-winbind-3.6.15-1.2.mga3
nss_wins-3.6.15-1.2.mga3
libsmbclient0-3.6.15-1.2.mga3
libsmbclient0-devel-3.6.15-1.2.mga3
libsmbclient0-static-devel-3.6.15-1.2.mga3
libnetapi0-3.6.15-1.2.mga3
libnetapi-devel-3.6.15-1.2.mga3
libsmbsharemodes0-3.6.15-1.2.mga3
libsmbsharemodes-devel-3.6.15-1.2.mga3
libwbclient0-3.6.15-1.2.mga3
libwbclient-devel-3.6.15-1.2.mga3
samba-virusfilter-clamav-3.6.15-1.2.mga3
samba-virusfilter-fsecure-3.6.15-1.2.mga3
samba-virusfilter-sophos-3.6.15-1.2.mga3
samba-domainjoin-gui-3.6.15-1.2.mga3

from SRPMS:
samba-3.6.5-2.4.mga2.src.rpm
samba-3.6.15-1.2.mga3.src.rpm
CC'ing sysadmins as we need this pushed in Cauldron.
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA2TOO
Updating the references to use the slightly more detailed upstream advisory.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

Samba versions before 3.6.20 do not check the underlying file or directory ACL when opening an alternate data stream (CVE-2013-4475).

Samba is not configured by default to support alternate data streams, so only servers that have enabled the streams_depot or streams_xattr VFS modules are affected.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
http://www.samba.org/samba/security/CVE-2013-4475
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.5-2.4.mga2
samba-client-3.6.5-2.4.mga2
samba-common-3.6.5-2.4.mga2
samba-doc-3.6.5-2.4.mga2
samba-swat-3.6.5-2.4.mga2
samba-winbind-3.6.5-2.4.mga2
nss_wins-3.6.5-2.4.mga2
libsmbclient0-3.6.5-2.4.mga2
libsmbclient0-devel-3.6.5-2.4.mga2
libsmbclient0-static-devel-3.6.5-2.4.mga2
libnetapi0-3.6.5-2.4.mga2
libnetapi-devel-3.6.5-2.4.mga2
libsmbsharemodes0-3.6.5-2.4.mga2
libsmbsharemodes-devel-3.6.5-2.4.mga2
libwbclient0-3.6.5-2.4.mga2
libwbclient-devel-3.6.5-2.4.mga2
samba-virusfilter-clamav-3.6.5-2.4.mga2
samba-virusfilter-fsecure-3.6.5-2.4.mga2
samba-virusfilter-sophos-3.6.5-2.4.mga2
samba-domainjoin-gui-3.6.5-2.4.mga2
samba-server-3.6.15-1.2.mga3
samba-client-3.6.15-1.2.mga3
samba-common-3.6.15-1.2.mga3
samba-doc-3.6.15-1.2.mga3
samba-swat-3.6.15-1.2.mga3
samba-winbind-3.6.15-1.2.mga3
nss_wins-3.6.15-1.2.mga3
libsmbclient0-3.6.15-1.2.mga3
libsmbclient0-devel-3.6.15-1.2.mga3
libsmbclient0-static-devel-3.6.15-1.2.mga3
libnetapi0-3.6.15-1.2.mga3
libnetapi-devel-3.6.15-1.2.mga3
libsmbsharemodes0-3.6.15-1.2.mga3
libsmbsharemodes-devel-3.6.15-1.2.mga3
libwbclient0-3.6.15-1.2.mga3
libwbclient-devel-3.6.15-1.2.mga3
samba-virusfilter-clamav-3.6.15-1.2.mga3
samba-virusfilter-fsecure-3.6.15-1.2.mga3
samba-virusfilter-sophos-3.6.15-1.2.mga3
samba-domainjoin-gui-3.6.15-1.2.mga3

from SRPMS:
samba-3.6.5-2.4.mga2.src.rpm
samba-3.6.15-1.2.mga3.src.rpm
Severity: normal => major
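The advisory limits exposure to servers that load the streams_depot or streams_xattr VFS modules. The following is an added example, not part of the bug report or of Samba itself, that lists which shares in an smb.conf load one of those modules. The sample configuration and the function name are constructed for illustration, and the parser assumes a single file with no `include` lines or backslash continuations.

```python
import re

STREAM_MODULES = {"streams_depot", "streams_xattr"}  # modules named in the advisory

# Constructed sample smb.conf, for illustration only.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   vfs objects = streams_xattr

[public]
   path = /srv/public

[plain]
   path = /srv/plain
   ; a share-level setting replaces the [global] one
   vfs objects = recycle

[mac]
   path = /srv/mac
   VFS Objects = catia, streams_depot
"""

def shares_with_streams(conf_text):
    """Return {share: [stream modules]} for shares that load a streams VFS module."""
    per_section, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            per_section.setdefault(section, None)  # None = nothing set in this section
            continue
        if section is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Samba ignores case and spaces in parameter names; "vfs object" is a synonym.
        if re.sub(r"\s+", "", key).lower() in ("vfsobjects", "vfsobject"):
            per_section[section] = set(re.split(r"[\s,]+", value.strip()))
    default = per_section.get("global") or set()
    result = {}
    for name, mods in per_section.items():
        if name == "global":
            continue
        effective = default if mods is None else mods  # share value overrides global
        hits = sorted(effective & STREAM_MODULES)
        if hits:
            result[name] = hits
    return result
```

An empty result means no share in the file loads either module, which per the advisory puts the server outside the affected configurations.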
samba-3.6.20-1.mga4 has been uploaded for Cauldron.
CC: sysadmin-bugs => (none)
Procedure: https://bugs.mageia.org/show_bug.cgi?id=10926#c7
Whiteboard: MGA2TOO => MGA2TOO has_procedure
Advisory uploaded. Please remove 'advisory' tag from whiteboard if anything changes.
Whiteboard: MGA2TOO has_procedure => MGA2TOO has_procedure advisory
URL: (none) => http://lwn.net/Vulnerabilities/574315/
Testing complete Mageia 2 and 3, i586 and x86_64. Someone from the sysadmin team please push 11656.adv to updates.
Keywords: (none) => validated_update
Whiteboard: MGA2TOO has_procedure advisory => MGA2TOO has_procedure advisory MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0348.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED