Samba has issued advisories on April 28:
https://www.samba.org/samba/security/CVE-2020-10700.html
https://www.samba.org/samba/security/CVE-2020-10704.html

The issues are fixed upstream in 4.10.15 and 4.12.2:
https://www.samba.org/samba/history/samba-4.10.15.html
https://www.samba.org/samba/history/samba-4.12.2.html

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed upstream in 4.10.15 and 4.12.2
Looking at this now. For MGA7, we will also need:
* ldb 1.5.7 (submitted to updates_testing for 7):
/home/bgmilne/rpmbuild/SRPMS/ldb-1.5.7-1.mga7.src.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/lib64ldb1-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/ldb-utils-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/lib64ldb-devel-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/python2-ldb-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/python3-ldb-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/lib64pyldb-util1-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/lib64pyldb-util-devel-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/ldb-debugsource-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/ldb-debuginfo-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/lib64ldb1-debuginfo-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/ldb-utils-debuginfo-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/python2-ldb-debuginfo-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/python3-ldb-debuginfo-1.5.7-1.mga7.x86_64.rpm:
/home/bgmilne/rpmbuild/RPMS/x86_64/lib64pyldb-util1-debuginfo-1.5.7-1.mga7.x86_64.rpm:
Status: NEW => ASSIGNED
I have submitted 4.12.2 to cauldron, and 4.10.15 to mga7 updates_testing
Assignee: bgmilne => bugsquad
CC: (none) => bgmilne
Advisory:
========================

Updated samba packages fix security vulnerabilities:

A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server (CVE-2020-10700).

A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV (CVE-2020-10704).

The samba package has been updated to version 4.10.15, fixing these issues
and other bugs. The ldb package has been updated to version 1.5.7.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704
https://www.samba.org/samba/security/CVE-2020-10700.html
https://www.samba.org/samba/security/CVE-2020-10704.html
https://www.samba.org/samba/history/samba-4.10.13.html
https://www.samba.org/samba/history/samba-4.10.14.html
https://www.samba.org/samba/history/samba-4.10.15.html
========================

Updated packages in core/updates_testing:
========================
libldb1-1.5.7-1.mga7
ldb-utils-1.5.7-1.mga7
libldb-devel-1.5.7-1.mga7
python2-ldb-1.5.7-1.mga7
python3-ldb-1.5.7-1.mga7
libpyldb-util1-1.5.7-1.mga7
libpyldb-util-devel-1.5.7-1.mga7
samba-4.10.15-1.mga7
samba-client-4.10.15-1.mga7
samba-common-4.10.15-1.mga7
samba-dc-4.10.15-1.mga7
libsamba-dc0-4.10.15-1.mga7
libkdc-samba4_2-4.10.15-1.mga7
libheimntlm-samba4_1-4.10.15-1.mga7
libsamba-devel-4.10.15-1.mga7
samba-krb5-printing-4.10.15-1.mga7
libsamba1-4.10.15-1.mga7
libsmbclient0-4.10.15-1.mga7
libsmbclient-devel-4.10.15-1.mga7
libwbclient0-4.10.15-1.mga7
libwbclient-devel-4.10.15-1.mga7
python2-samba-4.10.15-1.mga7
python3-samba-4.10.15-1.mga7
samba-pidl-4.10.15-1.mga7
samba-test-4.10.15-1.mga7
libsamba-test0-4.10.15-1.mga7
samba-winbind-4.10.15-1.mga7
samba-winbind-clients-4.10.15-1.mga7
samba-winbind-krb5-locator-4.10.15-1.mga7
samba-winbind-modules-4.10.15-1.mga7
ctdb-4.10.15-1.mga7
ctdb-tests-4.10.15-1.mga7

from SRPMS:
ldb-1.5.7-1.mga7.src.rpm
samba-4.10.15-1.mga7.src.rpm
Assignee: bugsquad => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Source RPM: samba-4.12.1-2.mga8.src.rpm, samba-4.10.12-1.mga7.src.rpm => samba-4.10.12-1.mga7.src.rpm
Status comment: Fixed upstream in 4.10.15 and 4.12.2 => (none)
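Added example, not part of the original thread and not Samba's code: the CVE-2020-10704 entry in the advisory above describes stack exhaustion driven by nesting depth, and a general guard for that class of bug is to measure nesting iteratively and refuse input past a fixed limit before any recursive processing. MAX_DEPTH, ber_max_depth and make_nested are names and values assumed for this example; the sample input uses tag 0xA0, the constructed context tag [0] that LDAP uses for an "and" filter.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_DEPTH 16 /* assumed limit for this example, not a Samba value */

/* Deepest nesting of constructed BER elements in buf, or -1 when the data
 * is malformed or nests deeper than MAX_DEPTH. Iterative with a fixed-size
 * array, so hostile input cannot grow the call stack. */
int ber_max_depth(const uint8_t *buf, size_t len)
{
    size_t end[MAX_DEPTH + 1], pos = 0; /* end[d]: end offset of open level d */
    int depth = 0, deepest = 0;

    end[0] = len;
    for (;;) {
        while (depth > 0 && pos == end[depth]) depth--; /* close finished levels */
        if (pos == end[depth]) return deepest;     /* top level fully consumed */
        if (end[depth] - pos < 2) return -1;       /* no room for tag + length */
        uint8_t tag = buf[pos++];
        size_t n = buf[pos++];
        if ((tag & 0x1f) == 0x1f) return -1;       /* multi-byte tag: not handled */
        if (n & 0x80) {                            /* long-form length */
            size_t k = n & 0x7f;
            if (k == 0 || k > sizeof n || k > end[depth] - pos) return -1;
            for (n = 0; k > 0; k--) n = (n << 8) | buf[pos++];
        }
        if (n > end[depth] - pos) return -1;       /* overruns its parent */
        if (!(tag & 0x20)) { pos += n; continue; } /* primitive: skip the value */
        if (depth == MAX_DEPTH) return -1;         /* too deep: refuse to descend */
        end[++depth] = pos + n;
        if (depth > deepest) deepest = depth;
    }
}

/* Constructed sample input: d nested, otherwise empty [0] elements (d <= 64). */
size_t make_nested(uint8_t *out, int d)
{
    for (int i = 0; i < d; i++) {
        out[2 * i] = 0xA0;
        out[2 * i + 1] = (uint8_t)(2 * (d - 1 - i));
    }
    return (size_t)(2 * d);
}
```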
MGA7-64 Plasma on Lenovo B50
No installation issues
Used MCC to do basic setup of samba server, used webmin to define samba users
Could connect to my own samba server from this laptop by:
$ smbclient //mach1/herman -U herman
Enter WORKGROUP\herman's password:
Try "help" to get a list of possible commands.
smb: \> help
? allinfo altname archive backup
blocksize cancel case_sensitive cd chmod
chown close del deltree dir
du echo exit get getfacl
geteas hardlink help history iosize
lcd link lock lowercase ls
l mask md mget mkdir
more mput newer notify open
posix posix_encrypt posix_open posix_mkdir posix_rmdir
posix_unlink posix_whoami print prompt put
pwd q queue quit readlink
rd recurse reget rename reput
rm rmdir showacls setea setmode
scopy stat symlink tar tarmode
timeout translate unlock volume vuid
wdel logon listconnect showconnect tcon
tdis tid utimes logoff ..
!
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
  . D 0 Thu Apr 30 08:41:41 2020
  .. D 0 Mon Sep 24 07:25:53 2018
  Trash N 0 Sun Nov 24 09:43:13 2013
  Inschrijvingsformulier Nieuwe quiz.doc N 542720 Sun Sep 16 14:18:36 2012
  idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010
  kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015
  .audacity-data DH 0 Tue Aug 27 14:17:57 2019
  .qareporc H 117 Tue Apr 28 09:53:02 2020
  .gnucash DH 0 Thu Jan 4 08:29:53 2018
  ipv6.html N 22650 Tue Dec 29 12:35:25 2009
  CV muzikaal.odt N 11374 Sat May 28 09:04:16 2016
  sane-backends.html N 51099 Tue Dec 29 12:35:25 2009
and a lot more, all OK
Did the same from my desktop to the samba server on this laptop, equally successful.
CC: (none) => herman.viaene
Ubuntu has issued an advisory for this on April 28: https://usn.ubuntu.com/4341-1/
The sssd package has to be rebuilt every time ldb is updated (there's a comment right at the top of the ldb SPEC about that). sssd rebuild submitted.
Advisory:
========================

Updated samba packages fix security vulnerabilities:

A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server (CVE-2020-10700).

A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV (CVE-2020-10704).

The samba package has been updated to version 4.10.15, fixing these issues
and other bugs. The ldb package has been updated to version 1.5.7. The sssd
package has been rebuilt for the updated ldb.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704
https://www.samba.org/samba/security/CVE-2020-10700.html
https://www.samba.org/samba/security/CVE-2020-10704.html
https://www.samba.org/samba/history/samba-4.10.13.html
https://www.samba.org/samba/history/samba-4.10.14.html
https://www.samba.org/samba/history/samba-4.10.15.html
========================

Updated packages in core/updates_testing:
========================
libldb1-1.5.7-1.mga7
ldb-utils-1.5.7-1.mga7
libldb-devel-1.5.7-1.mga7
python2-ldb-1.5.7-1.mga7
python3-ldb-1.5.7-1.mga7
libpyldb-util1-1.5.7-1.mga7
libpyldb-util-devel-1.5.7-1.mga7
sssd-1.16.3-3.2.mga7
sssd-common-1.16.3-3.2.mga7
sssd-client-1.16.3-3.2.mga7
libsss_sudo-1.16.3-3.2.mga7
libsss_autofs-1.16.3-3.2.mga7
sssd-tools-1.16.3-3.2.mga7
python2-sssdconfig-1.16.3-3.2.mga7
python3-sssdconfig-1.16.3-3.2.mga7
python2-sss-1.16.3-3.2.mga7
python3-sss-1.16.3-3.2.mga7
python2-sss-murmur-1.16.3-3.2.mga7
python3-sss-murmur-1.16.3-3.2.mga7
sssd-ldap-1.16.3-3.2.mga7
sssd-krb5-common-1.16.3-3.2.mga7
sssd-krb5-1.16.3-3.2.mga7
sssd-common-pac-1.16.3-3.2.mga7
sssd-ipa-1.16.3-3.2.mga7
sssd-ad-1.16.3-3.2.mga7
sssd-proxy-1.16.3-3.2.mga7
libsss_idmap-1.16.3-3.2.mga7
libsss_idmap-devel-1.16.3-3.2.mga7
libipa_hbac-1.16.3-3.2.mga7
libipa_hbac-devel-1.16.3-3.2.mga7
python2-libipa_hbac-1.16.3-3.2.mga7
python3-libipa_hbac-1.16.3-3.2.mga7
libsss_nss_idmap-1.16.3-3.2.mga7
libsss_nss_idmap-devel-1.16.3-3.2.mga7
python2-libsss_nss_idmap-1.16.3-3.2.mga7
python3-libsss_nss_idmap-1.16.3-3.2.mga7
sssd-dbus-1.16.3-3.2.mga7
libsss_simpleifp-1.16.3-3.2.mga7
libsss_simpleifp-devel-1.16.3-3.2.mga7
sssd-libwbclient-1.16.3-3.2.mga7
sssd-libwbclient-devel-1.16.3-3.2.mga7
sssd-winbind-idmap-1.16.3-3.2.mga7
sssd-nfs-idmap-1.16.3-3.2.mga7
libsss_certmap-1.16.3-3.2.mga7
libsss_certmap-devel-1.16.3-3.2.mga7
sssd-kcm-1.16.3-3.2.mga7
samba-4.10.15-1.mga7
samba-client-4.10.15-1.mga7
samba-common-4.10.15-1.mga7
samba-dc-4.10.15-1.mga7
libsamba-dc0-4.10.15-1.mga7
libkdc-samba4_2-4.10.15-1.mga7
libheimntlm-samba4_1-4.10.15-1.mga7
libsamba-devel-4.10.15-1.mga7
samba-krb5-printing-4.10.15-1.mga7
libsamba1-4.10.15-1.mga7
libsmbclient0-4.10.15-1.mga7
libsmbclient-devel-4.10.15-1.mga7
libwbclient0-4.10.15-1.mga7
libwbclient-devel-4.10.15-1.mga7
python2-samba-4.10.15-1.mga7
python3-samba-4.10.15-1.mga7
samba-pidl-4.10.15-1.mga7
samba-test-4.10.15-1.mga7
libsamba-test0-4.10.15-1.mga7
samba-winbind-4.10.15-1.mga7
samba-winbind-clients-4.10.15-1.mga7
samba-winbind-krb5-locator-4.10.15-1.mga7
samba-winbind-modules-4.10.15-1.mga7
ctdb-4.10.15-1.mga7
ctdb-tests-4.10.15-1.mga7

from SRPMS:
ldb-1.5.7-1.mga7.src.rpm
sssd-1.16.3-3.2.mga7.src.rpm
samba-4.10.15-1.mga7.src.rpm
$ uname -a
Linux linux.local 5.6.8-desktop-1.mga7 #1 SMP Thu Apr 30 06:12:53 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
---
First took some time to verify that Samba on this test instance was working. Configured it, verified it was working before installing the below.
----
The following 51 packages are going to be installed:

- ldb-utils-1.5.7-1.mga7.x86_64
- lib64dhash1-0.5.0-11.mga7.x86_64
- lib64heimntlm-samba4_1-4.10.15-1.mga7.x86_64
- lib64http-parser2-2.9.3-1.mga7.x86_64
- lib64ldb1-1.5.7-1.mga7.x86_64
- lib64nl-route3_200-3.4.0-3.mga7.x86_64
- lib64pyldb-util1-1.5.7-1.mga7.x86_64
- lib64rpm8-4.14.3-1.mga7.x86_64
- lib64samba-dc0-4.10.15-1.mga7.x86_64
- lib64samba-test0-4.10.15-1.mga7.x86_64
- lib64samba1-4.10.15-1.mga7.x86_64
- lib64sasl2-plug-gssapi-2.1.27-1.1.mga7.x86_64
- lib64smbclient0-4.10.15-1.mga7.x86_64
- lib64wbclient0-4.10.15-1.mga7.x86_64
- libipa_hbac-1.16.3-3.2.mga7.x86_64
- libsss_autofs-1.16.3-3.2.mga7.x86_64
- libsss_certmap-1.16.3-3.2.mga7.x86_64
- libsss_idmap-1.16.3-3.2.mga7.x86_64
- libsss_nss_idmap-1.16.3-3.2.mga7.x86_64
- libsss_sudo-1.16.3-3.2.mga7.x86_64
- python2-rpm-4.14.3-1.mga7.x86_64
- python3-ldb-1.5.7-1.mga7.x86_64
- python3-rpm-4.14.3-1.mga7.x86_64
- python3-samba-4.10.15-1.mga7.x86_64
- python3-sssdconfig-1.16.3-3.2.mga7.noarch
- rpm-4.14.3-1.mga7.x86_64
- rpm-plugin-ima-4.14.3-1.mga7.x86_64
- rpm-plugin-syslog-4.14.3-1.mga7.x86_64
- rpm-plugin-systemd-inhibit-4.14.3-1.mga7.x86_64
- samba-4.10.15-1.mga7.x86_64
- samba-client-4.10.15-1.mga7.x86_64
- samba-common-4.10.15-1.mga7.x86_64
- samba-dc-4.10.15-1.mga7.x86_64
- samba-winbind-4.10.15-1.mga7.x86_64
- samba-winbind-clients-4.10.15-1.mga7.x86_64
- samba-winbind-krb5-locator-4.10.15-1.mga7.x86_64
- samba-winbind-modules-4.10.15-1.mga7.x86_64
- sssd-1.16.3-3.2.mga7.x86_64
- sssd-ad-1.16.3-3.2.mga7.x86_64
- sssd-client-1.16.3-3.2.mga7.x86_64
- sssd-common-1.16.3-3.2.mga7.x86_64
- sssd-common-pac-1.16.3-3.2.mga7.x86_64
- sssd-dbus-1.16.3-3.2.mga7.x86_64
- sssd-ipa-1.16.3-3.2.mga7.x86_64
- sssd-krb5-1.16.3-3.2.mga7.x86_64
- sssd-krb5-common-1.16.3-3.2.mga7.x86_64
- sssd-ldap-1.16.3-3.2.mga7.x86_64
- sssd-libwbclient-1.16.3-3.2.mga7.x86_64
- sssd-nfs-idmap-1.16.3-3.2.mga7.x86_64
- sssd-proxy-1.16.3-3.2.mga7.x86_64
- sssd-winbind-idmap-1.16.3-3.2.mga7.x86_64

It is not 100% of the objects listed, but most and things installed properly.
Rebooted the machine and then read and wrote to the share from another Mageia instance (a laptop).
Working as designed.
CC: (none) => brtians1
Repeated tests from Comment 4 after adding the new additional packages (not the devel) with the same good results. In view of Brian's test, OK'ing unless someone else jumps in.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => tmb, sysadmin-bugs
Keywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0205.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED