Samba has issued advisories today (July 27):
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32742.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html

The issues are fixed upstream in 4.14.14:
https://www.samba.org/samba/history/samba-4.14.14.html
Status comment: (none) => Fixed upstream in 4.14.14
Status: NEW => ASSIGNED
openSUSE has issued an advisory for this today (July 29): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CKTUJ63ZYTQNYFNRWGXIE3KBEFGJXGJL/
Updates submitted for Mageia 8 by Buchan. BTW, Cauldron still needs to be updated to 4.16.4.

libldb2-2.3.4-1.mga8
ldb-utils-2.3.4-1.mga8
python3-ldb-2.3.4-1.mga8
libldb-devel-2.3.4-1.mga8
libpyldb-util2-2.3.4-1.mga8
libpyldb-util-devel-2.3.4-1.mga8
libsamba1-4.14.14-1.mga8
python3-samba-4.14.14-1.mga8
samba-dc-4.14.14-1.mga8
samba-test-4.14.14-1.mga8
ctdb-4.14.14-1.mga8
samba-4.14.14-1.mga8
samba-client-4.14.14-1.mga8
libsamba-dc0-4.14.14-1.mga8
samba-winbind-4.14.14-1.mga8
samba-common-4.14.14-1.mga8
libkdc-samba4_2-4.14.14-1.mga8
libsmbclient0-4.14.14-1.mga8
samba-winbind-clients-4.14.14-1.mga8
samba-winbind-modules-4.14.14-1.mga8
libsamba-devel-4.14.14-1.mga8
libsmbclient-devel-4.14.14-1.mga8
libwbclient0-4.14.14-1.mga8
libsamba-test0-4.14.14-1.mga8
libwbclient-devel-4.14.14-1.mga8
libheimntlm-samba4_1-4.14.14-1.mga8
samba-winbind-krb5-locator-4.14.14-1.mga8
samba-krb5-printing-4.14.14-1.mga8

from SRPMS:
ldb-2.3.4-1.mga8.src.rpm
samba-4.14.14-1.mga8.src.rpm
CC: (none) => bgmilne
Assignee: bgmilne => qa-bugs
Status comment: Fixed upstream in 4.14.14 => (none)
sssd still needs to be rebuilt since ldb was updated.
Assignee: qa-bugs => bgmilne
I've submitted the following:
* ldb-2.3.4-1.mga8
  http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132123.buchan.duvel.2598077/ldb-2.3.4-1.mga8/
* samba-4.14.14-1.mga8
  http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132825.buchan.duvel.2622774/samba-4.14.14-1.mga8/
* sssd-2.4.0-1.4.mga8 (currently still building)
  http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730165215.buchan.duvel.3432169/sssd-2.4.0-1.4.mga8/

Packages so far: (why does the bs write packages.* files only for arm?)

* ldb
$ curl -s http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132123.buchan.duvel.2598077/ldb-2.3.4-1.mga8/build.x86_64.0.20220730132204.log|awk -F'(: |/)' '/^Wrote/ {print $8}'|grep -Ev -- '-debug(info|source)-'|sort
ldb-utils-2.3.4-1.mga8.x86_64.rpm
lib64ldb2-2.3.4-1.mga8.x86_64.rpm
lib64ldb-devel-2.3.4-1.mga8.x86_64.rpm
lib64pyldb-util2-2.3.4-1.mga8.x86_64.rpm
lib64pyldb-util-devel-2.3.4-1.mga8.x86_64.rpm
python3-ldb-2.3.4-1.mga8.x86_64.rpm

* samba
$ curl -s http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730132825.buchan.duvel.2622774/samba-4.14.14-1.mga8/build.x86_64.0.20220730133455.log|awk -F'(: |/)' '/^Wrote/ {print $8}'|grep -Ev -- '-debug(info|source)-'|sort
ctdb-4.14.14-1.mga8.x86_64.rpm
lib64heimntlm-samba4_1-4.14.14-1.mga8.x86_64.rpm
lib64kdc-samba4_2-4.14.14-1.mga8.x86_64.rpm
lib64samba1-4.14.14-1.mga8.x86_64.rpm
lib64samba-dc0-4.14.14-1.mga8.x86_64.rpm
lib64samba-devel-4.14.14-1.mga8.x86_64.rpm
lib64samba-test0-4.14.14-1.mga8.x86_64.rpm
lib64smbclient0-4.14.14-1.mga8.x86_64.rpm
lib64smbclient-devel-4.14.14-1.mga8.x86_64.rpm
lib64wbclient0-4.14.14-1.mga8.x86_64.rpm
lib64wbclient-devel-4.14.14-1.mga8.x86_64.rpm
python3-samba-4.14.14-1.mga8.x86_64.rpm
samba-4.14.14-1.mga8.x86_64.rpm
samba-client-4.14.14-1.mga8.x86_64.rpm
samba-common-4.14.14-1.mga8.x86_64.rpm
samba-dc-4.14.14-1.mga8.x86_64.rpm
samba-krb5-printing-4.14.14-1.mga8.x86_64.rpm
samba-test-4.14.14-1.mga8.x86_64.rpm
samba-winbind-4.14.14-1.mga8.x86_64.rpm
samba-winbind-clients-4.14.14-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-4.14.14-1.mga8.x86_64.rpm
samba-winbind-modules-4.14.14-1.mga8.x86_64.rpm

* sssd
(Determine these from http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20220730165215.buchan.duvel.3432169/sssd-2.4.0-1.4.mga8/ when the i586/x86_64 builds are done)
Thanks Buchan. Don't forget to update Cauldron.

sssd package list:

sssd-ipa-2.4.0-1.4.mga8
sssd-common-2.4.0-1.4.mga8
libsss_idmap-devel-2.4.0-1.4.mga8
libsss_simpleifp-devel-2.4.0-1.4.mga8
libipa_hbac-devel-2.4.0-1.4.mga8
sssd-tools-2.4.0-1.4.mga8
sssd-ad-2.4.0-1.4.mga8
libsss_certmap-devel-2.4.0-1.4.mga8
sssd-kcm-2.4.0-1.4.mga8
libsss_nss_idmap-devel-2.4.0-1.4.mga8
sssd-dbus-2.4.0-1.4.mga8
sssd-krb5-common-2.4.0-1.4.mga8
python3-sssdconfig-2.4.0-1.4.mga8
sssd-common-pac-2.4.0-1.4.mga8
sssd-client-2.4.0-1.4.mga8
sssd-ldap-2.4.0-1.4.mga8
sssd-proxy-2.4.0-1.4.mga8
libsss_certmap-2.4.0-1.4.mga8
sssd-krb5-2.4.0-1.4.mga8
libsss_nss_idmap-2.4.0-1.4.mga8
libsss_idmap-2.4.0-1.4.mga8
libsss_autofs-2.4.0-1.4.mga8
libipa_hbac-2.4.0-1.4.mga8
python3-sss-2.4.0-1.4.mga8
sssd-2.4.0-1.4.mga8
libsss_sudo-2.4.0-1.4.mga8
sssd-nfs-idmap-2.4.0-1.4.mga8
python3-libipa_hbac-2.4.0-1.4.mga8
libsss_simpleifp-2.4.0-1.4.mga8
python3-libsss_nss_idmap-2.4.0-1.4.mga8
sssd-winbind-idmap-2.4.0-1.4.mga8
python3-sss-murmur-2.4.0-1.4.mga8

from sssd-2.4.0-1.4.mga8.src.rpm
Assignee: bgmilne => qa-bugs
> Don't forget to update Cauldron.

sssd-2.6.3-7.mga9 buchan 48 seconds ago cauldron core/release building
samba-4.16.4-1.mga9 buchan 22 minutes ago cauldron core/release partial
ldb-2.5.2-1.mga9 buchan 3 hours ago cauldron core/release uploaded 2 minutes
Ubuntu has issued an advisory for this today (August 1):
https://ubuntu.com/security/notices/USN-5542-1

The ldb update in this bug also fixes CVE-2021-3670.
MGA8-64 Plasma on Acer Aspire 5253
No installation issues

# systemctl start smb
[root@mach7 ~]# systemctl -l status smb
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-08-04 16:02:07 CEST; 9s ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 24374 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 4 (limit: 4364)
     Memory: 9.0M
        CPU: 469ms
     CGroup: /system.slice/smb.service
             ├─24374 /usr/sbin/smbd --foreground --no-process-group
             ├─24377 /usr/sbin/smbd --foreground --no-process-group
             ├─24378 /usr/sbin/smbd --foreground --no-process-group
             └─24379 /usr/sbin/smbd --foreground --no-process-group

Aug 04 16:02:05 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon...
Aug 04 16:02:07 mach7.hviaene.thuis smbd[24374]: [2022/08/04 16:02:07.926481, 0] ../../lib/util/become_daemon.c:135(daemon_ready)
Aug 04 16:02:07 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon.
Aug 04 16:02:07 mach7.hviaene.thuis smbd[24374]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections

Setup server in MCC.
Test connection to smb on my desktop PC

$ smbclient //mach1/herman -U herman
Enter TESTGROUP\herman's password:
Try "help" to get a list of possible commands.
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
  .                                   D        0  Thu Aug  4 13:58:37 2022
  ..                                  D        0  Thu Aug  4 13:57:07 2022
  Viaene-2021-04-18-09-52-04.gramps   N   513054  Sun Apr 18 09:52:04 2021
  Viaene-2020-08-07-17-48-13.gramps   N   509508  Fri Aug  7 17:48:17 2020
  rpmbuild                            D        0  Sun Aug 16 11:16:34 2020
  idkaartherman.jpg                   N   235947  Thu Sep 23 17:27:46 2010
  Watteeuw-2020-08-29-14-22-33.gramps N   678052  Sat Aug 29 14:22:37 2020
  kerst2015nedklein.ppsx              N  1514274  Fri Dec 25 20:05:05 2015
etc ...........

Repeated same smbclient test from my desktop PC to this new server, with similar results.
So samba is OK for me.
CC: (none) => herman.viaene
Debian has issued an advisory for this on August 11: https://www.debian.org/security/2022/dsa-5205
(In reply to David Walser from comment #7)
> Ubuntu has issued an advisory for this today (August 1):
> https://ubuntu.com/security/notices/USN-5542-1
>
> The ldb update in this bug also fixes CVE-2021-3670.

and the CVE-2022-32745 fix is apparently part of ldb:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2RORIRLFLRNQOCVXQU4V3RLZ5C2G75L2/
No one else since Aug. 4, then I'll OK the update.
Whiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0299.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
*** Bug 30407 has been marked as a duplicate of this bug. ***
The CVE-2022-32746 fix in this update was also in ldb:
https://access.redhat.com/errata/RHSA-2022:7730

Also, CVE-2021-3670 (Bug 30407) was also fixed in this update, per Comment 7.
Status: RESOLVED => UNCONFIRMED
Ever confirmed: 1 => 0
Resolution: FIXED => (none)
Reclosing as this update has already been pushed.
Status: UNCONFIRMED => RESOLVED
Resolution: (none) => FIXED