Bug 27488 - samba new security issues CVE-2020-14318, CVE-2020-14323, CVE-2020-14383
Summary: samba new security issues CVE-2020-14318, CVE-2020-14323, CVE-2020-14383
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Duplicates: 27967
Depends on:
Blocks:
 
Reported: 2020-10-29 17:45 CET by David Walser
Modified: 2020-12-29 17:04 CET
CC List: 6 users

See Also:
Source RPM: samba-4.10.18-1.mga7.src.rpm
CVE: CVE-2020-14318, CVE-2020-14323, CVE-2020-14383
Status comment:


Attachments

David Walser 2020-10-30 20:11:08 CET

Whiteboard: (none) => MGA7TOO

Comment 1 David Walser 2020-11-02 18:23:43 CET
Ubuntu has issued an advisory for this today (November 2):
https://ubuntu.com/security/notices/USN-4611-1
Comment 2 Buchan Milne 2020-11-04 22:16:55 CET
Cauldron has samba-4.12.9-1.mga8

I haven't got a patch for mga7 (4.10.x) yet, will try and finish that tomorrow (or consider bumping mga7 to 4.12.9).

Status: NEW => ASSIGNED

Comment 3 David Walser 2020-11-04 22:22:02 CET
So far the only distro I see with 4.10.x updates is SUSE:
https://lists.suse.com/pipermail/sle-security-updates/2020-October/007660.html
David Walser 2020-11-04 22:24:03 CET

Component: Release (media or process) => Security
QA Contact: (none) => security

David Walser 2020-11-04 22:24:16 CET

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

David Walser 2020-11-04 22:24:43 CET

Source RPM: samba-4.12.8-1.mga8.src.rpm => samba-4.10.18-1.mga7.src.rpm

Comment 4 David Walser 2020-11-04 22:31:16 CET
SUSE just pulled an updated git snapshot from the 4.10.x branch.
Comment 5 Buchan Milne 2020-11-04 22:34:32 CET
I have patches for CVE-2020-14318 and CVE-2020-14323 that apply, but not yet for CVE-2020-14383.
Comment 6 David Walser 2020-11-04 22:38:12 CET
Strange, I don't see any commits upstream since 4.10.18 six weeks ago:
https://git.samba.org/samba.git/?p=samba.git;a=shortlog;h=refs/heads/v4-10-stable
Comment 7 Buchan Milne 2020-11-04 23:02:11 CET
r1642722 ( samba-4.10.18-1.1.mga7), just submitted to updates_testing, has patches for all 3 CVEs.
Comment 8 David Walser 2020-11-04 23:32:03 CET
Advisory:
========================

Updated samba packages fix security vulnerabilities:

Steven French discovered that Samba incorrectly handled ChangeNotify
permissions. A remote attacker could possibly use this issue to obtain file
name information (CVE-2020-14318).

Bas Alberts discovered that Samba incorrectly handled certain winbind
requests. A remote attacker could possibly use this issue to cause winbind to
crash, resulting in a denial of service (CVE-2020-14323).

Francis Brosnan Blázquez discovered that Samba incorrectly handled certain
invalid DNS records. A remote attacker could possibly use this issue to cause
the DNS server to crash, resulting in a denial of service (CVE-2020-14383).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383
https://www.samba.org/samba/security/CVE-2020-14318.html
https://www.samba.org/samba/security/CVE-2020-14323.html
https://www.samba.org/samba/security/CVE-2020-14383.html
https://ubuntu.com/security/notices/USN-4611-1
========================

Updated packages in core/updates_testing:
========================
samba-4.10.18-1.1.mga7
samba-client-4.10.18-1.1.mga7
samba-common-4.10.18-1.1.mga7
samba-dc-4.10.18-1.1.mga7
libsamba-dc0-4.10.18-1.1.mga7
libkdc-samba4_2-4.10.18-1.1.mga7
libheimntlm-samba4_1-4.10.18-1.1.mga7
libsamba-devel-4.10.18-1.1.mga7
samba-krb5-printing-4.10.18-1.1.mga7
libsamba1-4.10.18-1.1.mga7
libsmbclient0-4.10.18-1.1.mga7
libsmbclient-devel-4.10.18-1.1.mga7
libwbclient0-4.10.18-1.1.mga7
libwbclient-devel-4.10.18-1.1.mga7
python2-samba-4.10.18-1.1.mga7
python3-samba-4.10.18-1.1.mga7
samba-pidl-4.10.18-1.1.mga7
samba-test-4.10.18-1.1.mga7
libsamba-test0-4.10.18-1.1.mga7
samba-winbind-4.10.18-1.1.mga7
samba-winbind-clients-4.10.18-1.1.mga7
samba-winbind-krb5-locator-4.10.18-1.1.mga7
samba-winbind-modules-4.10.18-1.1.mga7
ctdb-4.10.18-1.1.mga7
ctdb-tests-4.10.18-1.1.mga7

from samba-4.10.18-1.1.mga7.src.rpm

Assignee: bgmilne => qa-bugs
CC: sysadmin-bugs => bgmilne

Comment 9 Herman Viaene 2020-11-09 10:55:39 CET
MGA7-64 MATE on Peaq C1011
No installation issues.
Ref bug 27299
Used MCC to define a minimum samba server, used webmin to define samba-user.
Using smbclient I could connect to my samba-server on my desktop PC, and similarly I could connect from my desktop PC to the samba server on this notebook.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Comment 10 Thomas Andrews 2020-11-09 18:09:30 CET
Validating. Advisory in Comment 8.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 11 Aurelien Oudelet 2020-11-10 09:40:23 CET
Advisory pushed to SVN.

CVE: (none) => CVE-2020-14318, CVE-2020-14323, CVE-2020-14383
CC: (none) => ouaurelien
Keywords: (none) => advisory

Comment 12 Mageia Robot 2020-11-10 16:21:24 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0410.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 13 David Walser 2020-12-29 17:04:01 CET
*** Bug 27967 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu

