Samba has issued advisories today (January 31):
https://www.samba.org/samba/security/CVE-2021-44141.html
https://www.samba.org/samba/security/CVE-2021-44142.html
https://www.samba.org/samba/security/CVE-2022-0336.html

The latter two issues are fixed upstream in 4.14.12:
https://www.samba.org/samba/history/samba-4.14.12.html

The first issue is only fixed in 4.15.5 and apparently will not be fixed in older branches, so it needs to be mitigated according to the upstream advisory. Those instructions should be included in our advisory.
Status comment: (none) => Fixed upstream in 4.14.12 with additional mitigation
Looks correct to assign to Buchan.
Assignee: bugsquad => bgmilne
http://pkgsubmit.mageia.org/ says:
samba-4.14.12-1.mga8 buchan 6 seconds ago 8 core/updates_testing todo

I have done some minimal testing locally.
Status: NEW => ASSIGNED
Assignee: bgmilne => bugsquad
CC: (none) => bgmilne
Thanks (please don't assign back to bugsquad though).

Package list:
libsamba1-4.14.12-1.mga8
python3-samba-4.14.12-1.mga8
samba-dc-4.14.12-1.mga8
samba-test-4.14.12-1.mga8
ctdb-4.14.12-1.mga8
samba-4.14.12-1.mga8
samba-client-4.14.12-1.mga8
libsamba-dc0-4.14.12-1.mga8
samba-winbind-4.14.12-1.mga8
samba-common-4.14.12-1.mga8
libkdc-samba4_2-4.14.12-1.mga8
libsmbclient0-4.14.12-1.mga8
libsamba-devel-4.14.12-1.mga8
samba-winbind-clients-4.14.12-1.mga8
libsmbclient-devel-4.14.12-1.mga8
samba-winbind-modules-4.14.12-1.mga8
libwbclient0-4.14.12-1.mga8
libwbclient-devel-4.14.12-1.mga8
libsamba-test0-4.14.12-1.mga8
libheimntlm-samba4_1-4.14.12-1.mga8
samba-winbind-krb5-locator-4.14.12-1.mga8
samba-krb5-printing-4.14.12-1.mga8

from samba-4.14.12-1.mga8.src.rpm
Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 4.14.12 with additional mitigation => (none)
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues
Ref bug 27299 Comment 5 for testing

# systemctl start smb
# systemctl -l status smb
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
     Active: active (running) since Tue 2022-02-01 11:18:11 CET; 15s ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 10775 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 4 (limit: 9397)
     Memory: 8.1M
        CPU: 68ms
     CGroup: /system.slice/smb.service
             ├─10775 /usr/sbin/smbd --foreground --no-process-group
             ├─10777 /usr/sbin/smbd --foreground --no-process-group
             ├─10778 /usr/sbin/smbd --foreground --no-process-group
             └─10780 /usr/sbin/smbd --foreground --no-process-group

feb 01 11:18:11 mach5.hviaene.thuis systemd[1]: Starting Samba SMB Daemon...
feb 01 11:18:11 mach5.hviaene.thuis smbd[10775]: [2022/02/01 11:18:11.886145, 0] ../../lib/util/become_daemon.c:135(daemon_ready)
feb 01 11:18:11 mach5.hviaene.thuis smbd[10775]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
feb 01 11:18:11 mach5.hviaene.thuis systemd[1]: Started Samba SMB Daemon.

Checked existing smb configuration in MCC
Then as normal user, test connection to Samba server on my desktop PC:

$ smbclient //mach1/herman -U herman
Enter SAMBATEST\herman's password:
Try "help" to get a list of possible commands.
smb: \> help
? allinfo altname archive backup
blocksize cancel case_sensitive cd chmod
chown close del deltree dir
du echo exit get getfacl
geteas hardlink help history iosize
lcd link lock lowercase ls
l mask md mget mkdir
more mput newer notify open
posix posix_encrypt posix_open posix_mkdir posix_rmdir
posix_unlink posix_whoami print prompt put
pwd q queue quit readlink
rd recurse reget rename reput
rm rmdir showacls setea setmode
scopy stat symlink tar tarmode
timeout translate unlock volume vuid
wdel logon listconnect showconnect tcon
tdis tid utimes logoff ..
!
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
  . D 0 Tue Feb 1 08:27:41 2022
  .. D 0 Fri Jul 31 15:14:59 2020
  Viaene-2021-04-18-09-52-04.gramps N 513054 Sun Apr 18 09:52:04 2021
  Viaene-2020-08-07-17-48-13.gramps N 509508 Fri Aug 7 17:48:17 2020
  rpmbuild D 0 Sun Aug 16 11:16:34 2020
  idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010
  Watteeuw-2020-08-29-14-22-33.gramps N 678052 Sat Aug 29 14:22:37 2020
  kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015
  .audacity-data DH 0 Tue Dec 14 08:53:04 2021
  .qareporc H 123 Fri Feb 5 15:51:00 2021
  .gnucash DH 0 Sun Dec 29 11:33:23 2019
  ipv6.html N 22650 Tue Dec 29 12:35:25 2009
  CV muzikaal.odt N 11374 Sat May 28 09:04:16 2016
  Picture1.jpg N 118784 Tue Dec 29 12:35:24 2009
  atl.dll N 73785 Tue Dec 29 12:35:24 2009
  IP-Masquerade-HOWTO-5.html N 22228 Tue Dec 29 12:35:24 2009
and a load more ......

Repeated same smbclient test from my desktop PC to this new server, with similar results.
So samba is OK for me.
CC: (none) => herman.viaene
Ubuntu has issued an advisory for the last two CVEs today (February 1): https://ubuntu.com/security/notices/USN-5260-1
(In reply to David Walser from comment #0)
> Samba has issued advisories today (January 31):
> https://www.samba.org/samba/security/CVE-2021-44141.html
>
> The first issue is only fixed in 4.15.5 and apparently will not be fixed in
> older branches, so it needs to be mitigated according to the upstream
> advisory. Those instructions should be included in our advisory.

This is also true for CVE-2021-20316, with the same mitigation:
https://www.samba.org/samba/security/CVE-2021-20316.html

SUSE has issued an advisory for all of this on February 1:
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010164.html
Summary: samba new security issues CVE-2021-44141, CVE-2021-44142 and CVE-2022-0336 => samba new security issues CVE-2021-20316, CVE-2021-44141, CVE-2021-44142 and CVE-2022-0336
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/72ZRNFZ3DE3TJA7HFCVV476YJN6I4B5M/
MGA8-64, Gnome

The following 12 packages are going to be installed:

- glibc-2.32-25.mga8.x86_64
- glibc-devel-2.32-25.mga8.x86_64
- lib64kdc-samba4_2-4.14.12-1.mga8.x86_64
- lib64samba-dc0-4.14.12-1.mga8.x86_64
- lib64samba1-4.14.12-1.mga8.x86_64
- lib64smbclient0-4.14.12-1.mga8.x86_64
- lib64wbclient0-4.14.12-1.mga8.x86_64
- samba-client-4.14.12-1.mga8.x86_64
- samba-common-4.14.12-1.mga8.x86_64
- samba-winbind-4.14.12-1.mga8.x86_64
- samba-winbind-clients-4.14.12-1.mga8.x86_64
- samba-winbind-modules-4.14.12-1.mga8.x86_64

---

rebooted
connected to samba shares - no issues reading files, etc.
will work on samba host shortly
CC: (none) => brtians1
MGA8-32, Samba Server, upgrade

The following 12 packages are going to be installed:

- glibc-2.32-25.mga8.i586
- glibc-devel-2.32-25.mga8.i586
- libkdc-samba4_2-4.14.12-1.mga8.i586
- libsamba-dc0-4.14.12-1.mga8.i586
- libsamba1-4.14.12-1.mga8.i586
- libsmbclient0-4.14.12-1.mga8.i586
- libwbclient0-4.14.12-1.mga8.i586
- python3-samba-4.14.12-1.mga8.i586
- samba-4.14.12-1.mga8.i586
- samba-common-4.14.12-1.mga8.i586
- samba-winbind-4.14.12-1.mga8.i586
- samba-winbind-modules-4.14.12-1.mga8.i586

---

rebooted, also had to enable/start service
Samba working as expected, configuration retained.
MGA8-64, Samba Server, new install
Did this in a VM. No issues building the server or setting it up, worked for me.
MGA8-64, Mate, VM, new install
No issues using client to connect to Windows share.
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory information in Comment 0 and Comment 6.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0054.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED