Bug 23444 - samba new security issues CVE-2018-10858, CVE-2018-1091[89], CVE-2018-1139
Summary: samba new security issues CVE-2018-10858, CVE-2018-1091[89], CVE-2018-1139
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-08-14 23:19 CEST by David Walser
Modified: 2018-10-30 19:02 CET
CC: 6 users

See Also:
Source RPM: samba-4.7.6-1.mga7.src.rpm
CVE:
Status comment:



Description David Walser 2018-08-14 23:19:21 CEST
Samba has issued advisories today (August 14):
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/security/CVE-2018-1139.html

The issues are fixed upstream in 4.7.9 and 4.6.16:
https://www.samba.org/samba/history/samba-4.7.9.html
https://www.samba.org/samba/history/samba-4.6.16.html

CVE-2018-10858 also affects Mageia 5 and Mageia 6.

CVE-2018-10919 also affects Mageia 6.

Debian has issued an advisory for those two issues today (August 14):
https://www.debian.org/security/2018/dsa-4271
Comment 1 David Walser 2018-08-14 23:20:03 CEST
Ubuntu has issued an advisory for this today (August 14):
https://usn.ubuntu.com/3738-1/

Whiteboard: (none) => MGA6TOO

Comment 2 Marja Van Waes 2018-08-16 12:24:56 CEST
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => bgmilne

Comment 3 David Walser 2018-08-29 20:40:35 CEST
ldb should also be updated to 1.3.5 in Cauldron.
Comment 4 Bruno Cornec 2018-10-27 16:24:11 CEST
Uploaded the following packages:
tdb-1.3.16-1.mga7
talloc-2.1.14-1.mga7
ldb-1.4.2-1.mga7
samba-4.9.1-1.mga7
sssd-1.13.4-16.mga7

Assignee: bgmilne => bruno
CC: (none) => bruno
Status: NEW => ASSIGNED
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 5 Bruno Cornec 2018-10-28 00:57:49 CEST
samba-4.6.16-1.mga6 pushed to mga6 updates

Assignee: bruno => qa-bugs

Comment 6 David Walser 2018-10-29 02:11:18 CET
Advisory:
========================

Updated samba packages fix security vulnerabilities:

A malicious server could return a directory entry that could corrupt
libsmbclient memory (CVE-2018-10858).

Missing access control checks allow discovery of confidential attribute values
via authenticated LDAP search expressions (CVE-2018-10919).

The samba package has been updated to version 4.6.16, fixing these issues and
other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/samba-4.6.13.html
https://www.samba.org/samba/history/samba-4.6.14.html
https://www.samba.org/samba/history/samba-4.6.15.html
https://www.samba.org/samba/history/samba-4.6.16.html
========================

Updated packages in core/updates_testing:
========================
samba-4.6.16-1.mga6
samba-client-4.6.16-1.mga6
samba-common-4.6.16-1.mga6
samba-dc-4.6.16-1.mga6
libsamba-dc0-4.6.16-1.mga6
libkdc-samba4_2-4.6.16-1.mga6
libsamba-devel-4.6.16-1.mga6
samba-krb5-printing-4.6.16-1.mga6
libsamba1-4.6.16-1.mga6
libsmbclient0-4.6.16-1.mga6
libsmbclient-devel-4.6.16-1.mga6
libwbclient0-4.6.16-1.mga6
libwbclient-devel-4.6.16-1.mga6
python-samba-4.6.16-1.mga6
samba-pidl-4.6.16-1.mga6
samba-test-4.6.16-1.mga6
libsamba-test0-4.6.16-1.mga6
samba-winbind-4.6.16-1.mga6
samba-winbind-clients-4.6.16-1.mga6
samba-winbind-krb5-locator-4.6.16-1.mga6
samba-winbind-modules-4.6.16-1.mga6
ctdb-4.6.16-1.mga6
ctdb-tests-4.6.16-1.mga6

from samba-4.6.16-1.mga6.src.rpm
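The advisory above gives the fixed version (4.6.16-1.mga6) and the package list, but not a way to confirm that a given machine has actually picked up the update. The script below is an added example and not part of the bug report or of Mageia's own tooling: it compares the installed version-release of the main samba packages from the list against the fixed one using a pure-shell field-by-field comparison, so it does not depend on `rpmdev-vercmp` or GNU `sort -V`. It assumes an RPM-based system with `rpm` in PATH; the package names are the ones from Comment 6 (library packages are named `lib64...` on x86_64 and are left out for that reason), and packages that are not installed are skipped.

```shell
#!/bin/sh
# Added example (not from the bug report): check that the installed samba
# packages are at least the fixed version named in the advisory.

FIXED_EVR="4.6.16-1.mga6"   # fixed version-release from Comment 6

# True (return 0) when the field is a non-negative integer.
is_num() {
    case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# version_ge A B: return 0 when dotted version A >= B, 1 otherwise.
# Numeric fields compare as integers, other fields (e.g. "mga6") as strings;
# a missing trailing field counts as 0, so 4.6 == 4.6.0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa="${a%%.*}"; fb="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        [ -z "$fa" ] && fa=0
        [ -z "$fb" ] && fb=0
        if is_num "$fa" && is_num "$fb"; then
            [ "$fa" -gt "$fb" ] && return 0
            [ "$fa" -lt "$fb" ] && return 1
        elif [ "$fa" != "$fb" ]; then
            # Lexical order via sort: if B sorts first, A is greater.
            first=$(printf '%s\n%s\n' "$fa" "$fb" | sort | head -n 1)
            [ "$first" = "$fb" ] && return 0
            return 1
        fi
    done
    return 0
}

# evr_ge INSTALLED FIXED: compare "version-release" strings. The release is
# only consulted when the versions are identical.
evr_ge() {
    iv="${1%%-*}"; ir="${1#*-}"
    fv="${2%%-*}"; fr="${2#*-}"
    if [ "$iv" = "$fv" ]; then
        version_ge "$ir" "$fr"
    else
        version_ge "$iv" "$fv"
    fi
}

# Query rpm for each package from the advisory list; print OK/OLD per package
# and return 1 if any installed package is below the fixed version.
check_samba_packages() {
    status=0
    for pkg in samba samba-client samba-common samba-dc samba-winbind \
               samba-winbind-clients samba-winbind-modules python-samba ctdb; do
        installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg" 2>/dev/null) \
            || continue   # not installed on this host
        if evr_ge "$installed" "$FIXED_EVR"; then
            echo "OK   $pkg $installed"
        else
            echo "OLD  $pkg $installed (fixed in $FIXED_EVR)"
            status=1
        fi
    done
    return $status
}

if command -v rpm >/dev/null 2>&1; then
    check_samba_packages || echo "at least one samba package is below $FIXED_EVR"
else
    echo "rpm not found; only the comparison functions are available here"
fi
```

Run it as a regular user on the updated host; an `OLD` line means the package listed in the advisory has not yet been replaced, which is the situation the QA "packages installed cleanly" checks in the following comments rule out.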
Comment 7 James Kerr 2018-10-29 17:25:41 CET
on mga6-64 plasma

packages installed cleanly:
- lib64kdc-samba4_2-4.6.16-1.mga6.x86_64
- lib64samba-dc0-4.6.16-1.mga6.x86_64
- lib64samba1-4.6.16-1.mga6.x86_64
- lib64smbclient0-4.6.16-1.mga6.x86_64
- lib64wbclient0-4.6.16-1.mga6.x86_64
- samba-4.6.16-1.mga6.x86_64
- samba-client-4.6.16-1.mga6.x86_64
- samba-common-4.6.16-1.mga6.x86_64

After installing this update:

I can read and write to a share on this system from another system
I can read and write to a share on another system from this system

OK for mga6-64

Whiteboard: (none) => MGA6-64-OK
CC: (none) => jim

Comment 8 James Kerr 2018-10-29 18:06:53 CET
on mga6-32 in a vbox VM

packages installed cleanly:
- libkdc-samba4_2-4.6.16-1.mga6.i586
- libsamba-dc0-4.6.16-1.mga6.i586
- libsamba1-4.6.16-1.mga6.i586
- libsmbclient0-4.6.16-1.mga6.i586
- libwbclient0-4.6.16-1.mga6.i586
- samba-4.6.16-1.mga6.i586
- samba-client-4.6.16-1.mga6.i586
- samba-common-4.6.16-1.mga6.i586

After installing this update:

I can read and write to a share on this system from another system
I can read and write to a share on another system from this system

OK for mga6-32

Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK

Comment 9 Thomas Andrews 2018-10-30 03:59:16 CET
Validating. Advisory in Comment 6.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2018-10-30 17:43:44 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 10 Mageia Robot 2018-10-30 19:02:53 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0424.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

