Upstream has released new versions today (April 12):
https://www.samba.org/samba/latest_news.html#4.4.2

Cauldron has been updated to 4.3.8. Awaiting backported patches from Ubuntu for Mageia 5.

We could also potentially get patches from RedHat (RHEL6):
https://rhn.redhat.com/errata/RHSA-2016-0611.html
or Debian (Wheezy):
https://www.debian.org/security/2016/dsa-3548
URL: (none) => http://lwn.net/Vulnerabilities/683716/
Assigning to maintainer, but CC'ing all packagers collectively, since the maintainer seems a bit MIA'ish
CC: (none) => marja11, pkg-bugs
Assignee: bugsquad => bgmilne
Ubuntu has issued an advisory for this today (April 18): http://www.ubuntu.com/usn/usn-2950-1/
Backporting these patches was coordinated among vendors and the patches for 3.6.x are available from upstream:
https://www.samba.org/samba/history/security.html

Patches added, using the Ubuntu version of the CVE-preparation patch.

Unfortunately it doesn't build, because of the error:
error: 'struct pipes_struct' has no member named 'rng_fault_state'

http://pkgsubmit.mageia.org/uploads/failure/5/core/updates_testing/20160418212451.luigiwalser.duvel.38138/log/samba-3.6.25-2.3.mga5/build.0.20160418212529.log

Advisory saved for later below.

Advisory:
========================

Updated samba packages fix security vulnerability:

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code (CVE-2015-5370).

Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack (CVE-2016-2110).

Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information (CVE-2016-2111).

Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack (CVE-2016-2112).

Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack (CVE-2016-2115).

Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock (CVE-2016-2118).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
https://www.samba.org/samba/security/CVE-2015-5370.html
https://www.samba.org/samba/security/CVE-2016-2110.html
https://www.samba.org/samba/security/CVE-2016-2111.html
https://www.samba.org/samba/security/CVE-2016-2112.html
https://www.samba.org/samba/security/CVE-2016-2115.html
https://www.samba.org/samba/security/CVE-2016-2118.html
http://www.ubuntu.com/usn/usn-2950-1/
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.25-2.3.mga5
samba-client-3.6.25-2.3.mga5
samba-common-3.6.25-2.3.mga5
samba-doc-3.6.25-2.3.mga5
samba-swat-3.6.25-2.3.mga5
samba-winbind-3.6.25-2.3.mga5
nss_wins-3.6.25-2.3.mga5
libsmbclient0-3.6.25-2.3.mga5
libsmbclient0-devel-3.6.25-2.3.mga5
libsmbclient0-static-devel-3.6.25-2.3.mga5
libnetapi0-3.6.25-2.3.mga5
libnetapi-devel-3.6.25-2.3.mga5
libsmbsharemodes0-3.6.25-2.3.mga5
libsmbsharemodes-devel-3.6.25-2.3.mga5
libwbclient0-3.6.25-2.3.mga5
libwbclient-devel-3.6.25-2.3.mga5
samba-virusfilter-clamav-3.6.25-2.3.mga5
samba-virusfilter-fsecure-3.6.25-2.3.mga5
samba-virusfilter-sophos-3.6.25-2.3.mga5
samba-domainjoin-gui-3.6.25-2.3.mga5

from samba-3.6.25-2.3.mga5.src.rpm
Severity: critical => major
Created attachment 7688
Missing part of CVE-preparation-v3-6.patch

Hi,

When reading CVE-preparation-v3-6.patch, I saw that "if (p->rng_fault_state)" is replaced by "if (p->fault_state)" in the other places.

Best regards,

Nico.
CC: (none) => nicolas.salguero
In fact, all the files in samba-3.6.25/source3/librpc/gen_ndr/ that contain "rng_fault_state" were omitted in CVE-preparation-v3-6.patch. I added the missing parts in CVE-preparation-v3-6.patch and, now, the build is successful.
For the advisory and the list of RPMs, see comment 4.
Status: NEW => ASSIGNED
Assignee: bgmilne => qa-bugs
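A check for the gap described in the comment above, as an added example that is not part of the original bug report or of the Samba or Mageia tooling: it lists files that still contain an identifier but never appear in a patch's file headers. The function names are hypothetical, and the tree, file names and patch built in demo() are constructed.

```shell
#!/bin/sh
# Added example: find files that still use an old identifier but that a
# backport patch never touches. Paths and file names in demo() are constructed.

# Print the files a unified diff modifies, taken from its "+++ b/<path>"
# headers (first path component stripped, as with patch -p1).
files_touched_by_patch() {
    sed -n 's|^+++ [^/]*/\([^[:space:]]*\).*|\1|p' "$1" | LC_ALL=C sort -u
}

# untouched_refs TREE PATCH IDENT
# Print files under TREE that contain IDENT as a whole word and are absent
# from PATCH, i.e. the places a rename patch forgot.
untouched_refs() {
    tree=$1; patch=$2; ident=$3
    tmp=$(mktemp -d) || return 1
    files_touched_by_patch "$patch" > "$tmp/touched"
    (cd "$tree" && grep -rlw -- "$ident" . | sed 's|^\./||' | LC_ALL=C sort) \
        > "$tmp/refs"
    # comm -23 keeps lines that appear only in the first (sorted) file
    LC_ALL=C comm -23 "$tmp/refs" "$tmp/touched"
    rm -rf "$tmp"
}

# Constructed sample: a tiny tree plus a patch that renames the member in one
# file only, mirroring the situation described in the comment above.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/src/source3/demo" "$d/src/source3/librpc/gen_ndr"
    echo 'if (p->rng_fault_state) { return; }' > "$d/src/source3/demo/pipe.c"
    echo 'if (p->rng_fault_state) { talloc_free(r); }' \
        > "$d/src/source3/librpc/gen_ndr/srv_example.c"
    cat > "$d/rename.patch" <<'EOF'
--- a/source3/demo/pipe.c
+++ b/source3/demo/pipe.c
@@ -1 +1 @@
-if (p->rng_fault_state) { return; }
+if (p->fault_state) { return; }
EOF
    untouched_refs "$d/src" "$d/rename.patch" rng_fault_state
    rm -rf "$d"
}
```

Run against the unpatched tree before building, an empty result means every file using the old member name is covered by the patch.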
On two mga5-64 systems, I updated samba. The following packages were installed:
- lib64smbclient0-3.6.25-2.3.mga5.x86_64
- lib64wbclient0-3.6.25-2.3.mga5.x86_64
- nss_wins-3.6.25-2.3.mga5.x86_64
- samba-client-3.6.25-2.3.mga5.x86_64
- samba-common-3.6.25-2.3.mga5.x86_64
- samba-server-3.6.25-2.3.mga5.x86_64

I can access a folder shared between these two systems using smbclient and can mount, read and write to a shared folder. I have no Windows systems to test with and I don't use samba for printing.

Subject to the limitations of my testing the update looks OK for mga5-64.
I also updated samba on one mga5-32 system. The following packages were installed:
- libsmbclient0-3.6.25-2.3.mga5.i586
- libwbclient0-3.6.25-2.3.mga5.i586
- nss_wins-3.6.25-2.3.mga5.i586
- samba-client-3.6.25-2.3.mga5.i586
- samba-common-3.6.25-2.3.mga5.i586
- samba-server-3.6.25-2.3.mga5.i586

I can access a folder shared between this system and a mga5-64 system using smbclient and can mount, read and write to a shared folder.

Again subject to the limitations of my testing the update looks OK for mga5-32.
Thanks Jim. Adding the OK's and Validating.
Whiteboard: (none) => has_procedure mga5-32-ok mga5-64-ok
Actually validating. Advisory uploaded.
Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure advisory mga5-32-ok mga5-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0151.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
I installed the Samba update from updates_testing on my mgav5 x86-64 laptop and was able to access a remote share using the SMB kernel module and to host /tmp and read from it from both the local laptop and from my mgav6-64 machine. So this update looks good.