Samba has issued advisories today (January 21):
https://www.samba.org/samba/security/CVE-2019-14902.html
https://www.samba.org/samba/security/CVE-2019-14907.html
https://www.samba.org/samba/security/CVE-2019-19344.html

The issues are fixed upstream in 4.10.12:
https://www.samba.org/samba/history/samba-4.10.12.html

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Yep, I got the announcement, I have builds running on my machine, will try and submit builds later today.
Status: NEW => ASSIGNED
The builds completed without issue, submitted:
samba-4.10.12-2.mga8 buchan 1 second ago cauldron core/release todo
samba-4.10.12-1.mga7 buchan 19 seconds ago 7 core/updates_testing todo
Advisory:
========================

Updated samba packages fix security vulnerabilities:

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers (CVE-2019-14902).

When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs. This can cause a crash after the failed character conversion when operating at log level 3 or above (CVE-2019-14907).

During DNS zone scavenging (of expired dynamic entries) in a Samba AD DC, there is a read of memory after it has been freed (CVE-2019-19344).

Note that manual intervention is required to fully implement the fix for CVE-2019-14902. See the upstream advisory for details.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
https://www.samba.org/samba/security/CVE-2019-14902.html
https://www.samba.org/samba/security/CVE-2019-14907.html
https://www.samba.org/samba/security/CVE-2019-19344.html
https://www.samba.org/samba/history/samba-4.10.12.html
========================

Updated packages in core/updates_testing:
========================
samba-4.10.12-1.mga7
samba-client-4.10.12-1.mga7
samba-common-4.10.12-1.mga7
samba-dc-4.10.12-1.mga7
libsamba-dc0-4.10.12-1.mga7
libkdc-samba4_2-4.10.12-1.mga7
libheimntlm-samba4_1-4.10.12-1.mga7
libsamba-devel-4.10.12-1.mga7
samba-krb5-printing-4.10.12-1.mga7
libsamba1-4.10.12-1.mga7
libsmbclient0-4.10.12-1.mga7
libsmbclient-devel-4.10.12-1.mga7
libwbclient0-4.10.12-1.mga7
libwbclient-devel-4.10.12-1.mga7
python2-samba-4.10.12-1.mga7
python3-samba-4.10.12-1.mga7
samba-pidl-4.10.12-1.mga7
samba-test-4.10.12-1.mga7
libsamba-test0-4.10.12-1.mga7
samba-winbind-4.10.12-1.mga7
samba-winbind-clients-4.10.12-1.mga7
samba-winbind-krb5-locator-4.10.12-1.mga7
samba-winbind-modules-4.10.12-1.mga7
ctdb-4.10.12-1.mga7
ctdb-tests-4.10.12-1.mga7

from samba-4.10.12-1.mga7.src.rpm
CC: (none) => bgmilne
Whiteboard: MGA7TOO => (none)
Assignee: bgmilne => qa-bugs
Version: Cauldron => 7
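A configuration check for the CVE-2019-14907 condition quoted in the advisory above ("log level 3 or above"), added here as an example; it is not part of the bug report or of Samba's code. The sample smb.conf is constructed, the function names are hypothetical, and treating a per-class level of 3 or more as exposed is a conservative assumption.

```python
import re

# Constructed sample smb.conf for illustration (not taken from the bug report).
SAMPLE_CONF = """\
[global]
    workgroup = WORKGROUP
    Log Level = 1 auth:5 winbind:2@/var/log/samba/winbind.log
    ; log level = 10
[herman]
    path = /home/herman
"""

LOG_LEVEL_NAMES = {"loglevel", "debuglevel"}  # "debuglevel" is a synonym
THRESHOLD = 3  # advisory text: "log level 3 or above"

def global_params(text):
    """Yield (name, value) pairs from the [global] section of smb.conf text."""
    section, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues a line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            yield re.sub(r"\s+", "", name).lower(), value.strip()

def max_log_level(text):
    """Return the highest debug level set, global or per class (default 0)."""
    value = ""
    for name, val in global_params(text):
        if name in LOG_LEVEL_NAMES:
            value = val                    # the last occurrence wins
    levels = [0]
    for token in value.split():
        # Tokens look like "3", "auth:5" or "winbind:2@/path/to/log".
        level = token.split("@")[0].split(":")[-1]
        if level.isdigit():
            levels.append(int(level))
    return max(levels)

def logs_at_crash_level(text):
    """True if the configuration logs at the level named in the advisory."""
    return max_log_level(text) >= THRESHOLD
```

The check reads only the configuration file; a debug level raised on the daemon's command line is not seen by it.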
MGA7-64 Plasma on Lenovo B50
No installation issues
Used MCC to do basic setup of samba server, used webmin to define samba users
Could connect to my own samba server from this laptop by:

$ smbclient //mach1/herman -U herman
Unable to initialize messaging context
Enter WORKGROUP\herman's password:
Try "help" to get a list of possible commands.
smb: \> help
? allinfo altname archive backup
blocksize cancel case_sensitive cd chmod
chown close del deltree dir
du echo exit get getfacl
geteas hardlink help history iosize
lcd link lock lowercase ls
l mask md mget mkdir
more mput newer notify open
posix posix_encrypt posix_open posix_mkdir posix_rmdir
posix_unlink posix_whoami print prompt put
pwd q queue quit readlink
rd recurse reget rename reput
rm rmdir showacls setea setmode
scopy stat symlink tar tarmode
timeout translate unlock volume vuid
wdel logon listconnect showconnect tcon
tdis tid utimes logoff ..
!
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
. D 0 Thu Jan 23 14:53:56 2020
.. D 0 Mon Sep 24 07:25:53 2018
Trash N 0 Sun Nov 24 09:43:13 2013
Inschrijvingsformulier Nieuwe quiz.doc N 542720 Sun Sep 16 14:18:36 2012
idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010
kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015
.audacity-data DH 0 Tue Aug 27 14:17:57 2019

and a lot more, all correct
Did the same from my desktop to the samba server on this laptop, equally successful.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
$ uname -a
Linux linux.local 5.4.12-desktop-1.mga7 #1 SMP Tue Jan 14 21:14:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

The following 24 packages are going to be installed:
- lib64heimntlm-samba4_1-4.10.12-1.mga7.x86_64
- lib64kdc-samba4_2-4.10.12-1.mga7.x86_64
- lib64samba-dc0-4.10.12-1.mga7.x86_64
- lib64samba-test0-4.10.12-1.mga7.x86_64
- lib64samba1-4.10.12-1.mga7.x86_64
- lib64smbclient0-4.10.12-1.mga7.x86_64
- lib64wbclient0-4.10.12-1.mga7.x86_64
- perl-Parse-Yapp-1.210.0-3.mga7.noarch
- python2-ldb-1.5.6-1.mga7.x86_64
- python2-talloc-2.1.16-1.mga7.x86_64
- python2-tdb-1.3.18-1.mga7.x86_64
- python2-tevent-0.9.39-1.mga7.x86_64
- python3-samba-4.10.12-1.mga7.x86_64
- python3-tevent-0.9.39-1.mga7.x86_64
- samba-4.10.12-1.mga7.x86_64
- samba-client-4.10.12-1.mga7.x86_64
- samba-common-4.10.12-1.mga7.x86_64
- samba-dc-4.10.12-1.mga7.x86_64
- samba-krb5-printing-4.10.12-1.mga7.x86_64
- samba-pidl-4.10.12-1.mga7.noarch
- samba-winbind-4.10.12-1.mga7.x86_64
- samba-winbind-clients-4.10.12-1.mga7.x86_64
- samba-winbind-krb5-locator-4.10.12-1.mga7.x86_64
- samba-winbind-modules-4.10.12-1.mga7.x86_64

No installation issues. I was able to set up a user and shares and connect to it via a w10 device.

Working
CC: (none) => brtians1
Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Ubuntu has issued an advisory for this on January 21: https://usn.ubuntu.com/4244-1/
Severity: normal => major
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0058.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Blocks: (none) => 25903