Bug 15347 - samba new security issue CVE-2015-0240
Summary: samba new security issue CVE-2015-0240
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/634433/
Whiteboard: has_procedure advisory mga4-32-ok mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-02-23 19:45 CET by David Walser
Modified: 2015-02-24 22:20 CET (History)
1 user (show)

See Also:
Source RPM: samba-3.6.24-1.1.mga4.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-02-23 19:45:55 CET 
RedHat has issued an advisory today (February 23):
https://rhn.redhat.com/errata/RHSA-2015-0251.html

Updated package uploaded for Mageia 4.

Freeze push requested for Cauldron.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A
malicious Samba client could send specially crafted netlogon packets that,
when processed by smbd, could potentially lead to arbitrary code execution
with the privileges of the user running smbd (by default, the root user)
(CVE-2015-0240).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
https://rhn.redhat.com/errata/RHSA-2015-0251.html
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.25-1.mga4
samba-client-3.6.25-1.mga4
samba-common-3.6.25-1.mga4
samba-doc-3.6.25-1.mga4
samba-swat-3.6.25-1.mga4
samba-winbind-3.6.25-1.mga4
nss_wins-3.6.25-1.mga4
libsmbclient0-3.6.25-1.mga4
libsmbclient0-devel-3.6.25-1.mga4
libsmbclient0-static-devel-3.6.25-1.mga4
libnetapi0-3.6.25-1.mga4
libnetapi-devel-3.6.25-1.mga4
libsmbsharemodes0-3.6.25-1.mga4
libsmbsharemodes-devel-3.6.25-1.mga4
libwbclient0-3.6.25-1.mga4
libwbclient-devel-3.6.25-1.mga4
samba-virusfilter-clamav-3.6.25-1.mga4
samba-virusfilter-fsecure-3.6.25-1.mga4
samba-virusfilter-sophos-3.6.25-1.mga4
samba-domainjoin-gui-3.6.25-1.mga4

from samba-3.6.25-1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2015-02-24 14:02:56 CET 
Procedure: https://bugs.mageia.org/show_bug.cgi?id=10926#c7 and following comments.

Whiteboard: (none) => has_procedure

David Walser 2015-02-24 18:38:00 CET

URL: (none) => http://lwn.net/Vulnerabilities/634433/

Comment 2 David Walser 2015-02-24 19:15:26 CET 
This is a critical update that we need to get released like the other distros have done.  Ideally it would have been done yesterday.  Apparently it's received some press attention according to Claire (I've been busy all week so I haven't seen it yet).  I think we need to trust that the upstream fixes are OK and just check that the packages install fine.  I can confirm that they do on Mageia 4 i586.
Comment 3 claire robinson 2015-02-24 21:38:47 CET 
Testing complete mga4 64

Configured a test share and connected to it from mga4 32

Whiteboard: has_procedure => has_procedure mga4-32-ok mga4-64-ok

Comment 4 claire robinson 2015-02-24 22:09:48 CET 
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2015-02-24 22:20:48 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0084.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.