Upstream has issued advisories today (June 23): http://www.samba.org/samba/security/CVE-2014-0244 http://www.samba.org/samba/security/CVE-2014-3493 The issues are fixed in 3.6.24. Updated packages uploaded for Mageia 4 and Cauldron. Patched package uploaded for Mageia 3. Advisory: ======================== Updated samba packages fix security vulnerabilities: Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493 http://www.samba.org/samba/security/CVE-2014-0244 http://www.samba.org/samba/security/CVE-2014-3493 ======================== Updated packages in core/updates_testing: ======================== samba-server-3.6.15-1.5.mga3 samba-client-3.6.15-1.5.mga3 samba-common-3.6.15-1.5.mga3 samba-doc-3.6.15-1.5.mga3 samba-swat-3.6.15-1.5.mga3 samba-winbind-3.6.15-1.5.mga3 nss_wins-3.6.15-1.5.mga3 libsmbclient0-3.6.15-1.5.mga3 libsmbclient0-devel-3.6.15-1.5.mga3 libsmbclient0-static-devel-3.6.15-1.5.mga3 libnetapi0-3.6.15-1.5.mga3 libnetapi-devel-3.6.15-1.5.mga3 libsmbsharemodes0-3.6.15-1.5.mga3 libsmbsharemodes-devel-3.6.15-1.5.mga3 libwbclient0-3.6.15-1.5.mga3 libwbclient-devel-3.6.15-1.5.mga3 samba-virusfilter-clamav-3.6.15-1.5.mga3 samba-virusfilter-fsecure-3.6.15-1.5.mga3 samba-virusfilter-sophos-3.6.15-1.5.mga3 samba-domainjoin-gui-3.6.15-1.5.mga3 samba-server-3.6.24-1.mga4 samba-client-3.6.24-1.mga4 samba-common-3.6.24-1.mga4 samba-doc-3.6.24-1.mga4 samba-swat-3.6.24-1.mga4 samba-winbind-3.6.24-1.mga4 nss_wins-3.6.24-1.mga4 libsmbclient0-3.6.24-1.mga4 libsmbclient0-devel-3.6.24-1.mga4 libsmbclient0-static-devel-3.6.24-1.mga4 libnetapi0-3.6.24-1.mga4 libnetapi-devel-3.6.24-1.mga4 libsmbsharemodes0-3.6.24-1.mga4 libsmbsharemodes-devel-3.6.24-1.mga4 libwbclient0-3.6.24-1.mga4 libwbclient-devel-3.6.24-1.mga4 samba-virusfilter-clamav-3.6.24-1.mga4 samba-virusfilter-fsecure-3.6.24-1.mga4 samba-virusfilter-sophos-3.6.24-1.mga4 samba-domainjoin-gui-3.6.24-1.mga4 from SRPMS: samba-3.6.15-1.5.mga3.src.rpm samba-3.6.24-1.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Debian has issued an advisory for this today (June 23): https://www.debian.org/security/2014/dsa-2966 They also patched CVE-2014-0178, which upstream failed to fix in 3.6.x. Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493 http://www.samba.org/samba/security/CVE-2014-0244 http://www.samba.org/samba/security/CVE-2014-3493 ======================== Updated packages in core/updates_testing: ======================== samba-server-3.6.15-1.6.mga3 samba-client-3.6.15-1.6.mga3 samba-common-3.6.15-1.6.mga3 samba-doc-3.6.15-1.6.mga3 samba-swat-3.6.15-1.6.mga3 samba-winbind-3.6.15-1.6.mga3 nss_wins-3.6.15-1.6.mga3 libsmbclient0-3.6.15-1.6.mga3 libsmbclient0-devel-3.6.15-1.6.mga3 libsmbclient0-static-devel-3.6.15-1.6.mga3 libnetapi0-3.6.15-1.6.mga3 libnetapi-devel-3.6.15-1.6.mga3 libsmbsharemodes0-3.6.15-1.6.mga3 libsmbsharemodes-devel-3.6.15-1.6.mga3 libwbclient0-3.6.15-1.6.mga3 libwbclient-devel-3.6.15-1.6.mga3 samba-virusfilter-clamav-3.6.15-1.6.mga3 samba-virusfilter-fsecure-3.6.15-1.6.mga3 samba-virusfilter-sophos-3.6.15-1.6.mga3 samba-domainjoin-gui-3.6.15-1.6.mga3 samba-server-3.6.24-1.1.mga4 samba-client-3.6.24-1.1.mga4 samba-common-3.6.24-1.1.mga4 samba-doc-3.6.24-1.1.mga4 samba-swat-3.6.24-1.1.mga4 samba-winbind-3.6.24-1.1.mga4 nss_wins-3.6.24-1.1.mga4 libsmbclient0-3.6.24-1.1.mga4 libsmbclient0-devel-3.6.24-1.1.mga4 libsmbclient0-static-devel-3.6.24-1.1.mga4 libnetapi0-3.6.24-1.1.mga4 libnetapi-devel-3.6.24-1.1.mga4 libsmbsharemodes0-3.6.24-1.1.mga4 libsmbsharemodes-devel-3.6.24-1.1.mga4 libwbclient0-3.6.24-1.1.mga4 libwbclient-devel-3.6.24-1.1.mga4 samba-virusfilter-clamav-3.6.24-1.1.mga4 samba-virusfilter-fsecure-3.6.24-1.1.mga4 samba-virusfilter-sophos-3.6.24-1.1.mga4 samba-domainjoin-gui-3.6.24-1.1.mga4 from SRPMS: samba-3.6.15-1.6.mga3.src.rpm samba-3.6.24-1.1.mga4.src.rpm
Summary: samba new security issues CVE-2014-0244 and CVE-2014-3493 => samba new security issues CVE-2014-0178, CVE-2014-0244, and CVE-2014-3493
Oops, forgot to add one URL to the advisory. Advisory: ======================== Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493 http://www.samba.org/samba/security/CVE-2014-0178 http://www.samba.org/samba/security/CVE-2014-0244 http://www.samba.org/samba/security/CVE-2014-3493
Oops, also forgot the Debian advisory. Really done this time. Advisory: ======================== Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493 http://www.samba.org/samba/security/CVE-2014-0178 http://www.samba.org/samba/security/CVE-2014-0244 http://www.samba.org/samba/security/CVE-2014-3493 https://www.debian.org/security/2014/dsa-2966
URL: (none) => http://lwn.net/Vulnerabilities/603223/
Procedure: https://bugs.mageia.org/show_bug.cgi?id=10926#c7 and following comments.
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Tested mga4_64, Testing complete for samba-3.6.24-1.1.mga4, Ok for me nothing to report and seems to work properly. - Test on my local shared group "MGAGROUP" with 3 Mga PC and 2 Windows PC. - Test on MCC too. samba-winbind-3.6.24-1.1.mga4 samba-server-3.6.24-1.1.mga4 samba-common-3.6.24-1.1.mga4 samba-doc-3.6.24-1.1.mga4 samba-swat-3.6.24-1.1.mga4 samba-client-3.6.24-1.1.mga4 lib64smbsharemodes0-3.6.24-1.1.mga4 lib64smbclient0-3.6.24-1.1.mga4
CC: (none) => geiger.david68210Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA4-64-OK
Tested mga4_32, Testing complete for samba-3.6.24-1.1.mga4, Ok for me nothing to report and seems to work properly too. - Test on my local shared group "MGAGROUP" with 3 Mga PC and 2 Windows PC. - Test on MCC too. samba-doc-3.6.24-1.1.mga4 samba-server-3.6.24-1.1.mga4 samba-client-3.6.24-1.1.mga4 samba-common-3.6.24-1.1.mga4 samba-winbind-3.6.24-1.1.mga4 samba-swat-3.6.24-1.1.mga4 libsmbsharemodes0-3.6.24-1.1.mga4 libsmbclient0-3.6.24-1.1.mga4
Whiteboard: MGA3TOO has_procedure MGA4-64-OK => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK
Tested mga3_64, Testing complete for samba-3.6.15-1.6.mga3, Ok for me nothing to report and seems to work properly too. - Test on my local shared group "MGAGROUP" with 3 Mga PC and 2 Windows PC. - Test on MCC too. samba-common-3.6.15-1.6.mga3 samba-client-3.6.15-1.6.mga3 samba-doc-3.6.15-1.6.mga3 samba-winbind-3.6.15-1.6.mga3 samba-swat-3.6.15-1.6.mga3 samba-server-3.6.15-1.6.mga3 lib64smbclient0-3.6.15-1.6.mga3 lib64smbsharemodes0-3.6.15-1.6.mga3
Tested mga3_32, Testing complete for samba-3.6.15-1.6.mga3, Ok for me nothing to report and seems to work properly too. - Test on my local shared group "MGAGROUP" with 3 Mga PC and 2 Windows PC. - Test on MCC too. samba-common-3.6.15-1.6.mga3 samba-client-3.6.15-1.6.mga3 samba-doc-3.6.15-1.6.mga3 samba-winbind-3.6.15-1.6.mga3 samba-swat-3.6.15-1.6.mga3 samba-server-3.6.15-1.6.mga3 lib64smbclient0-3.6.15-1.6.mga3 lib64smbsharemodes0-3.6.15-1.6.mga3
Whiteboard: MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK
Well done David. Validating. Advisory uploaded. Could a sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK => MGA3TOO has_procedure advisory MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OKCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0279.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED