Bug 30675 - samba new security issues CVE-2022-2031 and CVE-2022-3274[2456]
Summary: samba new security issues CVE-2022-2031 and CVE-2022-3274[2456]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Duplicates: 30407
Depends on:
Blocks:
 
Reported: 2022-07-27 18:08 CEST by David Walser
Modified: 2022-11-08 15:48 CET
CC List: 5 users

See Also:
Source RPM: samba-4.14.12-1.mga8.src.rpm
CVE:
Status comment:


Attachments

David Walser 2022-07-27 18:09:25 CEST

Status comment: (none) => Fixed upstream in 4.14.14

Buchan Milne 2022-07-27 18:16:51 CEST

Status: NEW => ASSIGNED

Comment 1 David Walser 2022-07-29 17:47:50 CEST
openSUSE has issued an advisory for this today (July 29):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CKTUJ63ZYTQNYFNRWGXIE3KBEFGJXGJL/
Comment 2 David Walser 2022-07-30 18:28:39 CEST
Updates submitted for Mageia 8 by Buchan.  BTW, Cauldron still needs to be updated to 4.16.4.

libldb2-2.3.4-1.mga8
ldb-utils-2.3.4-1.mga8
python3-ldb-2.3.4-1.mga8
libldb-devel-2.3.4-1.mga8
libpyldb-util2-2.3.4-1.mga8
libpyldb-util-devel-2.3.4-1.mga8
libsamba1-4.14.14-1.mga8
python3-samba-4.14.14-1.mga8
samba-dc-4.14.14-1.mga8
samba-test-4.14.14-1.mga8
ctdb-4.14.14-1.mga8
samba-4.14.14-1.mga8
samba-client-4.14.14-1.mga8
libsamba-dc0-4.14.14-1.mga8
samba-winbind-4.14.14-1.mga8
samba-common-4.14.14-1.mga8
libkdc-samba4_2-4.14.14-1.mga8
libsmbclient0-4.14.14-1.mga8
samba-winbind-clients-4.14.14-1.mga8
samba-winbind-modules-4.14.14-1.mga8
libsamba-devel-4.14.14-1.mga8
libsmbclient-devel-4.14.14-1.mga8
libwbclient0-4.14.14-1.mga8
libsamba-test0-4.14.14-1.mga8
libwbclient-devel-4.14.14-1.mga8
libheimntlm-samba4_1-4.14.14-1.mga8
samba-winbind-krb5-locator-4.14.14-1.mga8
samba-krb5-printing-4.14.14-1.mga8

from SRPMS:
ldb-2.3.4-1.mga8.src.rpm
samba-4.14.14-1.mga8.src.rpm

CC: (none) => bgmilne
Assignee: bgmilne => qa-bugs
Status comment: Fixed upstream in 4.14.14 => (none)

Comment 3 David Walser 2022-07-30 18:29:12 CEST
sssd still needs to be rebuilt since ldb was updated.

Assignee: qa-bugs => bgmilne

Comment 4 Buchan Milne 2022-07-30 19:07:09 CEST
I've submitted the following:
* ldb-2.3.4-1.mga8
http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132123.buchan.duvel.2598077/ldb-2.3.4-1.mga8/
* samba-4.14.14-1.mga8
http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132825.buchan.duvel.2622774/samba-4.14.14-1.mga8/
* sssd-2.4.0-1.4.mga8 (currently still building)
http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730165215.buchan.duvel.3432169/sssd-2.4.0-1.4.mga8/

Packages so far:
(why does the bs write packages.* files only for arm?)


* ldb
$ curl -s http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132123.buchan.duvel.2598077/ldb-2.3.4-1.mga8/build.x86_64.0.20220730132204.log|awk -F'(: |/)' '/^Wrote/ {print $8}'|grep -Ev -- '-debug(info|source)-'|sort
ldb-utils-2.3.4-1.mga8.x86_64.rpm
lib64ldb2-2.3.4-1.mga8.x86_64.rpm
lib64ldb-devel-2.3.4-1.mga8.x86_64.rpm
lib64pyldb-util2-2.3.4-1.mga8.x86_64.rpm
lib64pyldb-util-devel-2.3.4-1.mga8.x86_64.rpm
python3-ldb-2.3.4-1.mga8.x86_64.rpm

* samba
$ curl -s http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132825.buchan.duvel.2622774/samba-4.14.14-1.mga8/build.x86_64.0.20220730133455.log|awk -F'(: |/)' '/^Wrote/ {print $8}'|grep -Ev -- '-debug(info|source)-'|sort
ctdb-4.14.14-1.mga8.x86_64.rpm
lib64heimntlm-samba4_1-4.14.14-1.mga8.x86_64.rpm
lib64kdc-samba4_2-4.14.14-1.mga8.x86_64.rpm
lib64samba1-4.14.14-1.mga8.x86_64.rpm
lib64samba-dc0-4.14.14-1.mga8.x86_64.rpm
lib64samba-devel-4.14.14-1.mga8.x86_64.rpm
lib64samba-test0-4.14.14-1.mga8.x86_64.rpm
lib64smbclient0-4.14.14-1.mga8.x86_64.rpm
lib64smbclient-devel-4.14.14-1.mga8.x86_64.rpm
lib64wbclient0-4.14.14-1.mga8.x86_64.rpm
lib64wbclient-devel-4.14.14-1.mga8.x86_64.rpm
python3-samba-4.14.14-1.mga8.x86_64.rpm
samba-4.14.14-1.mga8.x86_64.rpm
samba-client-4.14.14-1.mga8.x86_64.rpm
samba-common-4.14.14-1.mga8.x86_64.rpm
samba-dc-4.14.14-1.mga8.x86_64.rpm
samba-krb5-printing-4.14.14-1.mga8.x86_64.rpm
samba-test-4.14.14-1.mga8.x86_64.rpm
samba-winbind-4.14.14-1.mga8.x86_64.rpm
samba-winbind-clients-4.14.14-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-4.14.14-1.mga8.x86_64.rpm
samba-winbind-modules-4.14.14-1.mga8.x86_64.rpm

* sssd
(Determine these from http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730165215.buchan.duvel.3432169/sssd-2.4.0-1.4.mga8/ when the i586/x86_64 builds are done)
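Added example, not code from this bug, from Buchan, or from the Mageia build system: a small POSIX shell script that does the two checks a QA tester or sysadmin wants around an update like this one. `wrote_pkgs` extracts the binary package list from an rpmbuild log in the way the awk one-liner in Comment 4 does, but by taking the last path component instead of a fixed field index, so it is not sensitive to the depth of the build directory. `audit_installed` then compares a host's installed version-release strings against the fixed versions named in the bug (samba 4.14.14-1.mga8, ldb 2.3.4-1.mga8, sssd 2.4.0-1.4.mga8). The build-log lines and the installed-package list are constructed for the example, and version ordering relies on GNU `sort -V`, which is an assumption; rpm's own rpmvercmp remains the authority for unusual version strings.

```shell
#!/bin/sh
# Added example, not code from the bug report or from Mageia's build system.
# Assumes POSIX sh with awk, grep, head and a sort that understands -V
# (GNU coreutils); the log format is rpmbuild's "Wrote: /path/name.rpm".

# Constructed sample of build-log lines (paths are invented for the example).
SAMPLE_LOG='Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.abc123
Wrote: /home/builder/rpmbuild/RPMS/x86_64/lib64ldb2-2.3.4-1.mga8.x86_64.rpm
Wrote: /home/builder/rpmbuild/RPMS/x86_64/ldb-utils-2.3.4-1.mga8.x86_64.rpm
Wrote: /home/builder/rpmbuild/RPMS/x86_64/ldb-debuginfo-2.3.4-1.mga8.x86_64.rpm
Wrote: /home/builder/rpmbuild/RPMS/x86_64/ldb-debugsource-2.3.4-1.mga8.x86_64.rpm
Wrote: /home/builder/rpmbuild/RPMS/x86_64/python3-ldb-2.3.4-1.mga8.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.def456'

# Fixed version-release per source package for this update, taken from the
# package lists posted in the bug.
FIXED='samba 4.14.14-1.mga8
ldb 2.3.4-1.mga8
sssd 2.4.0-1.4.mga8'

# Constructed sample of installed packages, in the shape produced by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# (samba sits at the pre-update 4.14.12-1.mga8 named in the bug header).
INSTALLED='samba 4.14.12-1.mga8
ldb 2.3.4-1.mga8
sssd 2.4.0-1.3.mga8
bash 5.1.8-1.mga8'

# wrote_pkgs: read a build log on stdin and print the basename of every RPM
# it wrote, minus -debuginfo/-debugsource, sorted. Taking the last path
# component avoids the fixed field index ($8) of the awk one-liner in the
# bug, so it works whatever the depth of the build directory.
wrote_pkgs() {
    awk '/^Wrote: / { n = split($2, p, "/"); print p[n] }' \
      | grep -Ev -- '-debug(info|source)-' \
      | LC_ALL=C sort
}

# is_fixed HAVE FIXED: succeed when version-release HAVE is at or above FIXED.
# Ordering comes from GNU sort -V (an assumption of this example); it agrees
# with rpmvercmp for the plain numeric-dotted versions used here.
is_fixed() {
    h=$1; f=$2
    [ "$h" = "$f" ] && return 0
    lowest=$(printf '%s\n%s\n' "$h" "$f" | sort -V | head -n 1)
    [ "$lowest" = "$f" ]
}

# audit_installed: stdin = "NAME VERSION-RELEASE" lines; report each package
# covered by $FIXED and return non-zero if any is still below the fixed level.
audit_installed() {
    status=0
    while read -r name have; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue          # not part of this advisory
        if is_fixed "$have" "$fixed"; then
            echo "$name $have OK (fixed in $fixed)"
        else
            echo "$name $have NEEDS UPDATE to $fixed"
            status=1
        fi
    done
    return "$status"
}

# Demonstration on the constructed data.
printf '%s\n' "$SAMPLE_LOG" | wrote_pkgs
printf '%s\n' "$INSTALLED" | audit_installed \
  || echo "at least one package is below the fixed version"
```

On a real Mageia 8 host the `INSTALLED` sample would be replaced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, and the `FIXED` table by the package versions from the advisory; a non-zero exit from `audit_installed` is the signal that the update has not been applied.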
Comment 5 David Walser 2022-07-30 19:18:51 CEST
Thanks Buchan.  Don't forget to update Cauldron.

sssd package list:
sssd-ipa-2.4.0-1.4.mga8
sssd-common-2.4.0-1.4.mga8
libsss_idmap-devel-2.4.0-1.4.mga8
libsss_simpleifp-devel-2.4.0-1.4.mga8
libipa_hbac-devel-2.4.0-1.4.mga8
sssd-tools-2.4.0-1.4.mga8
sssd-ad-2.4.0-1.4.mga8
libsss_certmap-devel-2.4.0-1.4.mga8
sssd-kcm-2.4.0-1.4.mga8
libsss_nss_idmap-devel-2.4.0-1.4.mga8
sssd-dbus-2.4.0-1.4.mga8
sssd-krb5-common-2.4.0-1.4.mga8
python3-sssdconfig-2.4.0-1.4.mga8
sssd-common-pac-2.4.0-1.4.mga8
sssd-client-2.4.0-1.4.mga8
sssd-ldap-2.4.0-1.4.mga8
sssd-proxy-2.4.0-1.4.mga8
libsss_certmap-2.4.0-1.4.mga8
sssd-krb5-2.4.0-1.4.mga8
libsss_nss_idmap-2.4.0-1.4.mga8
libsss_idmap-2.4.0-1.4.mga8
libsss_autofs-2.4.0-1.4.mga8
libipa_hbac-2.4.0-1.4.mga8
python3-sss-2.4.0-1.4.mga8
sssd-2.4.0-1.4.mga8
libsss_sudo-2.4.0-1.4.mga8
sssd-nfs-idmap-2.4.0-1.4.mga8
python3-libipa_hbac-2.4.0-1.4.mga8
libsss_simpleifp-2.4.0-1.4.mga8
python3-libsss_nss_idmap-2.4.0-1.4.mga8
sssd-winbind-idmap-2.4.0-1.4.mga8
python3-sss-murmur-2.4.0-1.4.mga8

from sssd-2.4.0-1.4.mga8.src.rpm

Assignee: bgmilne => qa-bugs

Comment 6 Buchan Milne 2022-07-30 22:25:52 CEST
> Don't forget to update Cauldron.

sssd-2.6.3-7.mga9	buchan 48 seconds ago	cauldron core/release	building
samba-4.16.4-1.mga9	buchan 22 minutes ago	cauldron core/release	partial
ldb-2.5.2-1.mga9	buchan 3 hours ago	cauldron core/release	uploaded 2 minutes
Comment 7 David Walser 2022-08-01 17:14:13 CEST
Ubuntu has issued an advisory for this today (August 1):
https://ubuntu.com/security/notices/USN-5542-1

The ldb update in this bug also fixes CVE-2021-3670.
Comment 8 Herman Viaene 2022-08-04 16:21:51 CEST
MGA8-64 Plasma on Acer Aspire 5253
No installation issues
# systemctl start smb
[root@mach7 ~]# systemctl -l  status smb
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-08-04 16:02:07 CEST; 9s ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 24374 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 4 (limit: 4364)
     Memory: 9.0M
        CPU: 469ms
     CGroup: /system.slice/smb.service
             ├─24374 /usr/sbin/smbd --foreground --no-process-group
             ├─24377 /usr/sbin/smbd --foreground --no-process-group
             ├─24378 /usr/sbin/smbd --foreground --no-process-group
             └─24379 /usr/sbin/smbd --foreground --no-process-group

Aug 04 16:02:05 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon...
Aug 04 16:02:07 mach7.hviaene.thuis smbd[24374]: [2022/08/04 16:02:07.926481,  0] ../../lib/util/become_daemon.c:135(daemon_ready)
Aug 04 16:02:07 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon.
Aug 04 16:02:07 mach7.hviaene.thuis smbd[24374]:   daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
Setup server in MCC.
Test connection to smb on my desktop PC
$ smbclient  //mach1/herman -U herman
Enter TESTGROUP\herman's password: 
Try "help" to get a list of possible commands.
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
  .                                   D        0  Thu Aug  4 13:58:37 2022
  ..                                  D        0  Thu Aug  4 13:57:07 2022
  Viaene-2021-04-18-09-52-04.gramps      N   513054  Sun Apr 18 09:52:04 2021
  Viaene-2020-08-07-17-48-13.gramps      N   509508  Fri Aug  7 17:48:17 2020
  rpmbuild                            D        0  Sun Aug 16 11:16:34 2020
  idkaartherman.jpg                   N   235947  Thu Sep 23 17:27:46 2010
  Watteeuw-2020-08-29-14-22-33.gramps      N   678052  Sat Aug 29 14:22:37 2020
  kerst2015nedklein.ppsx              N  1514274  Fri Dec 25 20:05:05 2015
etc ...........
Repeated same smbclient test from my desktop PC to this new server, with similar results.
So samba is OK for me.

CC: (none) => herman.viaene

Comment 9 David Walser 2022-08-12 18:35:19 CEST
Debian has issued an advisory for this on August 11:
https://www.debian.org/security/2022/dsa-5205
Comment 10 David Walser 2022-08-15 02:33:38 CEST
(In reply to David Walser from comment #7)
> Ubuntu has issued an advisory for this today (August 1):
> https://ubuntu.com/security/notices/USN-5542-1
> 
> The ldb update in this bug also fixes CVE-2021-3670.

and the CVE-2022-32745 fix is apparently part of ldb:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2RORIRLFLRNQOCVXQU4V3RLZ5C2G75L2/
Comment 11 Herman Viaene 2022-08-24 10:07:01 CEST
No one else since Aug. 4, then I'll OK the update.

Whiteboard: (none) => MGA8-64-OK

Comment 12 Thomas Andrews 2022-08-24 13:32:33 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-08-24 23:24:15 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 13 Mageia Robot 2022-08-25 23:22:56 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0299.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 14 David Walser 2022-11-08 13:48:14 CET
*** Bug 30407 has been marked as a duplicate of this bug. ***
Comment 15 David Walser 2022-11-08 13:49:20 CET
The CVE-2022-32746 fix in this update was also in ldb:
https://access.redhat.com/errata/RHSA-2022:7730

Also, CVE-2021-3670 (Bug 30407) was also fixed in this update, per Comment 7.

Status: RESOLVED => UNCONFIRMED
Ever confirmed: 1 => 0
Resolution: FIXED => (none)

Comment 16 Dave Hodgins 2022-11-08 15:48:41 CET
Reclosing as this update has already been pushed.

Status: UNCONFIRMED => RESOLVED
Resolution: (none) => FIXED
