Debian has issued an advisory on March 3:
https://www.debian.org/security/2016/dsa-3426

They have patches to fix the issue.

In Cauldron, ctdb is built from the samba SRPM. I don't know if that version is still affected by this issue. Mageia 5 at least should be.
(In reply to David Walser from comment #0)
> Debian has issued an advisory on March 3:
> https://www.debian.org/security/2016/dsa-3426
>
> They have patches to fix the issue.
>
> In Cauldron, ctdb is built from the samba SRPM. I don't know if that
> version is still affected by this issue. Mageia 5 at least should be.

Assigning to ctdb maintainer.

@ Shlomi

Is it possible for you to figure out whether samba in cauldron is affected, too?
CC: (none) => marja11
Assignee: bugsquad => shlomif
(In reply to Marja van Waes from comment #1)
> (In reply to David Walser from comment #0)
> > Debian has issued an advisory on March 3:
> > https://www.debian.org/security/2016/dsa-3426
> >
> > They have patches to fix the issue.
> >
> > In Cauldron, ctdb is built from the samba SRPM. I don't know if that
> > version is still affected by this issue. Mageia 5 at least should be.
>
> Assigning to ctdb maintainer.
>
> @ Shlomi
>
> Is it possible for you to figure out whether samba in cauldron is affected,
> too?

I'll try to.
Based on reading the description here - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813406 and studying the code then I don't think we are affected.
(In reply to Shlomi Fish from comment #3)
> Based on reading the description here -
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813406 and studying the
> code then I don't think we are affected.

Great, thanks :-)

So only Mageia 5 needs to be fixed
(In reply to Shlomi Fish from comment #3)
> Based on reading the description here -
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813406 and studying the
> code then I don't think we are affected.

Actually this line in system_linux.c looks a little suspicious in this respect:

463: s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));

But I'm not sure if we're affected.
Given the range of versions that Debian patched, I don't see how our Mageia 5 package wouldn't be affected. As for Cauldron, I would hope that a known issue like this would be fixed in the latest upstream Samba.
Hi all, I uploaded ctdb-2.5.3-3.1.mga5 to mga5's core/updates_testing with the patch. Assigning to QA for testing.
Status: NEW => ASSIGNED
Assignee: shlomif => qa-bugs
Advisory:
========================

Updated ctdb package fixes security vulnerability:

The kernel fix for CVE-2015-8543 uncovered a bug in ctdb, leading to broken clusters. The ctdb package has been patched to fix this issue.

References:
https://www.debian.org/security/2016/dsa-3426
Keywords: (none) => validated_update
Whiteboard: (none) => advisory
CC: (none) => davidwhodgins, sysadmin-bugs
Just testing that the update installs cleanly
Whiteboard: advisory => advisory MGA5-64-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0281.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED