Fedora has issued an advisory on May 12:
https://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html

There's more information on the issue in the Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1079819

The issue was fixed upstream in 1.1.1.

Mageia 3 and Mageia 4 are also affected.
CC: (none) => fundawang
Whiteboard: (none) => MGA4TOO, MGA3TOO
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated smb4k packages fix security vulnerability:

Smb4k before 1.1.1 allows the cruid CIFS mount option to be specified by the user (CVE-2014-2581).

The smb4k package has been updated to version 1.1.2, which fixes this issue and also contains several other bug fixes and additions.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2581
http://sourceforge.net/projects/smb4k/files/1.1.0/
http://sourceforge.net/projects/smb4k/files/1.1.1/
http://sourceforge.net/projects/smb4k/files/1.1.2/
https://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html
========================

Updated packages in core/updates_testing:
========================
smb4k-1.1.2-1.mga3
libsmb4kcore4-1.1.2-1.mga3
smb4k-devel-1.1.2-1.mga3
smb4k-1.1.2-1.mga4
libsmb4kcore4-1.1.2-1.mga4
smb4k-devel-1.1.2-1.mga4

from SRPMS:
smb4k-1.1.2-1.mga3.src.rpm
smb4k-1.1.2-1.mga4.src.rpm
Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
The Mageia 4 update built against the KDE 4.11.5 update in updates_testing and won't work properly with KDE 4.11.4. Could a sysadmin please remove the KDE 4.11.5 packages as well as this smb4k update from updates_testing so that I can rebuild it? Thanks.
CC: (none) => sysadmin-bugs
Whiteboard: MGA3TOO => MGA3TOO feedback
KDE 4.11.5 nuked
CC: (none) => tmb
Whiteboard: MGA3TOO feedback => MGA3TOO
(In reply to Thomas Backlund from comment #3)
> KDE 4.11.5 nuked

Thanks. Could you nuke the current smb4k build that's there as well?
smb4k nuked
Thanks. Fresh build submitted. It should be available in an hour (if the build system starts working correctly again).
Tested successfully Mageia 3 i586 and Mageia 4 i586 in VMWare VMs. I was able to scan our local network for Windows machines, and double-click on one to see the shares it had, and double-click on one of the shares to mount it. I was able to access that filesystem normally, and then unmount it. In this updated version, once you get to a machine to try to see its shares, it can be a bit awkward. It wants to use kwallet if you double-click it. If you just select it and hit the Authentication button in the toolbar, then you can just enter the Windows credentials and it works fine. That's what I did when I tested the updates.
Whiteboard: MGA3TOO => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK
Testing complete mga4 64
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK mga4-64-ok
Testing complete mga3 64
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK mga4-64-ok => MGA3TOO has_procedure MGA3-32-OK mga3-64-ok MGA4-32-OK mga4-64-ok
Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates? Thanks.
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure MGA3-32-OK mga3-64-ok MGA4-32-OK mga4-64-ok => MGA3TOO has_procedure advisory MGA3-32-OK mga3-64-ok MGA4-32-OK mga4-64-ok
Update pushed: http://advisories.mageia.org/MGASA-2014-0271.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED