Bug 31735 - samba, ldb new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614
Summary: samba, ldb new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 31346
Reported: 2023-03-30 20:17 CEST by David Walser
Modified: 2023-04-06 23:21 CEST (History)
5 users

See Also:
Source RPM: ldb-2.6.1-1.mga9.src.rpm, samba-4.17.5-2.mga9.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2023-03-30 20:17:56 CEST
Samba has issued advisories on March 29:
https://www.samba.org/samba/security/CVE-2023-0225.html
https://www.samba.org/samba/security/CVE-2023-0922.html
https://www.samba.org/samba/security/CVE-2023-0614.html

The issues are fixed upstream in 4.17.7 and 4.16.10:
https://www.samba.org/samba/history/samba-4.17.7.html
https://www.samba.org/samba/history/samba-4.16.10.html

Mageia 8 is also affected by CVE-2023-0922 and CVE-2023-0614.
David Walser 2023-03-30 20:18:16 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 4.16.10 and 4.17.7
Blocks: (none) => 31346

Comment 1 David Walser 2023-03-30 22:57:09 CEST
SUSE has issued an advisory for this on March 29:
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014245.html

The CVE-2023-0614 fix is in ldb.

Summary: samba new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614 => samba, ldb new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614
Source RPM: (none) => ldb-2.6.1-1.mga9.src.rpm, samba-4.17.5-2.mga9.src.rpm

Comment 2 Buchan Milne 2023-04-01 21:15:29 CEST
I have uploaded ldb-2.5.3 and samba-4.16.10 for MGA8 to updates_testing.

RPMS:

From ldb-2.5.3-1.mga8.src.rpm:

ldb-debuginfo-2.5.3-1.mga8.x86_64.rpm
ldb-debugsource-2.5.3-1.mga8.x86_64.rpm
ldb-utils-2.5.3-1.mga8.x86_64.rpm
ldb-utils-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64ldb2-2.5.3-1.mga8.x86_64.rpm
lib64ldb2-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64ldb-devel-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util2-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util2-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util-devel-2.5.3-1.mga8.x86_64.rpm
python3-ldb-2.5.3-1.mga8.x86_64.rpm
python3-ldb-debuginfo-2.5.3-1.mga8.x86_64.rpm

From samba-4.16.10-1.mga8.src.rpm:

ctdb-4.16.10-1.mga8.x86_64.rpm
ctdb-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba1-4.16.10-1.mga8.x86_64.rpm
lib64samba1-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba-dc0-4.16.10-1.mga8.x86_64.rpm
lib64samba-dc0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba-devel-4.16.10-1.mga8.x86_64.rpm
lib64samba-test0-4.16.10-1.mga8.x86_64.rpm
lib64samba-test0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64smbclient0-4.16.10-1.mga8.x86_64.rpm
lib64smbclient0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64smbclient-devel-4.16.10-1.mga8.x86_64.rpm
lib64wbclient0-4.16.10-1.mga8.x86_64.rpm
lib64wbclient0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64wbclient-devel-4.16.10-1.mga8.x86_64.rpm
python3-samba-4.16.10-1.mga8.x86_64.rpm
python3-samba-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-4.16.10-1.mga8.x86_64.rpm
samba-client-4.16.10-1.mga8.x86_64.rpm
samba-client-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-common-4.16.10-1.mga8.x86_64.rpm
samba-common-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-dc-4.16.10-1.mga8.x86_64.rpm
samba-dc-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-debugsource-4.16.10-1.mga8.x86_64.rpm
samba-krb5-printing-4.16.10-1.mga8.x86_64.rpm
samba-krb5-printing-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-test-4.16.10-1.mga8.x86_64.rpm
samba-test-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-4.16.10-1.mga8.x86_64.rpm
samba-winbind-clients-4.16.10-1.mga8.x86_64.rpm
samba-winbind-clients-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-4.16.10-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-modules-4.16.10-1.mga8.x86_64.rpm
samba-winbind-modules-debuginfo-4.16.10-1.mga8.x86_64.rpm


Updates for cauldron are in progress.

Assignee: bgmilne => qa-bugs
CC: (none) => bgmilne
Status: NEW => ASSIGNED

Comment 3 David Walser 2023-04-02 18:10:42 CEST
ldb-2.6.2-1.mga9 and samba-4.17.7-1.mga9 pending freeze move for Cauldron.

Buchan, any news on the CVEs in Bug 31346?


Mageia 8 update:
libldb2-2.5.3-1.mga8
ldb-utils-2.5.3-1.mga8
python3-ldb-2.5.3-1.mga8
libldb-devel-2.5.3-1.mga8
libpyldb-util-devel-2.5.3-1.mga8
libpyldb-util2-2.5.3-1.mga8
libsamba1-4.16.10-1.mga8
python3-samba-4.16.10-1.mga8
samba-dc-4.16.10-1.mga8
samba-test-4.16.10-1.mga8
ctdb-4.16.10-1.mga8
samba-4.16.10-1.mga8
samba-client-4.16.10-1.mga8
libsamba-dc0-4.16.10-1.mga8
samba-common-4.16.10-1.mga8
libsamba-devel-4.16.10-1.mga8
samba-winbind-4.16.10-1.mga8
samba-winbind-modules-4.16.10-1.mga8
libsmbclient0-4.16.10-1.mga8
samba-winbind-clients-4.16.10-1.mga8
libsmbclient-devel-4.16.10-1.mga8
libwbclient0-4.16.10-1.mga8
libsamba-test0-4.16.10-1.mga8
libwbclient-devel-4.16.10-1.mga8
samba-krb5-printing-4.16.10-1.mga8
samba-winbind-krb5-locator-4.16.10-1.mga8

from SRPMS:
ldb-2.5.3-1.mga8.src.rpm
samba-4.16.10-1.mga8.src.rpm

Version: Cauldron => 8
Status comment: Fixed upstream in 4.16.10 and 4.17.7 => (none)
Whiteboard: MGA8TOO => (none)
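The Mageia 8 package list above fixes the version-release that carries the fixes on Mageia 8 (samba-4.16.10-1.mga8 and ldb-2.5.3-1.mga8). The POSIX shell script below is an added example, not part of the bug report and not Mageia's own tooling: it compares an `rpm -qa`-style package list against those minimums and reports anything still below them. The embedded package list is a constructed sample, the helper names (`vr_ge`, `pkg_name`, `pkg_vr`, `check_updates`) are mine, and the segment-wise version comparison only approximates rpm's rpmvercmp (no epoch handling).

```sh
#!/bin/sh
# Added example (not from the bug report): check that the installed Mageia 8
# samba/ldb packages are at or above the versions that carry the fixes for
# CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614 (the Comment 3 update list).

# Minimum version-release per source package (epochs are not handled).
FIXED_SAMBA="4.16.10-1.mga8"
FIXED_LDB="2.5.3-1.mga8"

# Constructed sample in the format of
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# showing a host where only part of the update has been applied.
SAMPLE_RPM_QA='samba-4.16.5-1.mga8
samba-client-4.16.10-1.mga8
lib64ldb2-2.4.1-1.mga8
samba-winbind-4.16.10-1.mga8
python3-ldb-2.5.3-1.mga8'

# vr_ge INSTALLED MINIMUM: succeeds when INSTALLED >= MINIMUM. Splits both
# strings on "." and "-" and compares segment by segment, numerically when
# both segments are numbers (hypothetical helper; approximates rpmvercmp).
vr_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] : ""; q = (i <= nb) ? y[i] : ""
            if (p ~ /^[0-9]+$/ && q ~ /^[0-9]+$/) {
                if (p + 0 != q + 0) exit (p + 0 < q + 0)
            } else if (p != q) {
                exit (p < q)
            }
        }
        exit 0
    }'
}

# Split "name-version-release" into its parts: the version starts at the
# first "-" that is followed by a digit.
pkg_name() { printf '%s\n' "$1" | sed 's/-[0-9].*$//'; }
pkg_vr()   { printf '%s\n' "$1" | sed 's/^.*-\([0-9][^-]*-[^-]*\)$/\1/'; }

# check_updates PKGLIST: prints one line per samba/ldb binary package and
# succeeds only if every one of them is at or above the fixed version.
check_updates() {
    outdated=0
    for pkg in $1; do
        name=$(pkg_name "$pkg")
        vr=$(pkg_vr "$pkg")
        case "$name" in
            *ldb*)                               min=$FIXED_LDB ;;
            ctdb|*samba*|*smbclient*|*wbclient*) min=$FIXED_SAMBA ;;
            *)                                   continue ;;
        esac
        if vr_ge "$vr" "$min"; then
            echo "OK       $name $vr (>= $min)"
        else
            echo "OUTDATED $name $vr (< $min, still vulnerable)"
            outdated=$((outdated + 1))
        fi
    done
    [ "$outdated" -eq 0 ]
}

# Demo on the constructed sample; on a real Mageia 8 host replace the
# sample with the output of the rpm command quoted above.
check_updates "$SAMPLE_RPM_QA" || echo "=> update not fully applied"
```

On the sample the script flags `samba` and `lib64ldb2` as outdated and exits non-zero; feeding it the real `rpm -qa` output after installing the packages from Comment 3 should print only `OK` lines. A mixed result like the sample (some packages updated, some not) is worth catching, because the ldb fix for CVE-2023-0614 ships separately from the samba packages.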

Comment 4 Buchan Milne 2023-04-02 21:32:15 CEST
ldb-2.6.2-1.mga9 and samba-4.17.7-1.mga9 are in core/updates_testing for cauldron, due to version freeze. I have requested that they be moved to core/release.
Comment 5 Herman Viaene 2023-04-03 16:22:21 CEST
MGA8-64 MATE on Acer Aspire 5253.
No installation issues with list from Comment 2.
Ref bug 29641 for testing.
Made sure the smb server is running:
# systemctl start smb
# systemctl -l status smb
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2023-04-03 16:10:51 CEST; 14s ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 9343 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 3 (limit: 4364)
     Memory: 6.8M
        CPU: 396ms
     CGroup: /system.slice/smb.service
             ├─9343 /usr/sbin/smbd --foreground --no-process-group
             ├─9347 /usr/sbin/smbd --foreground --no-process-group
             └─9348 /usr/sbin/smbd --foreground --no-process-group

Apr 03 16:10:47 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon...
Apr 03 16:10:51 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon.

Configured basic smb shares and a user in MCC.
Then as normal user, test connection to Samba server on my desktop PC:
$ smbclient  //mach1/herman -U herman
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
Password for [TESTGROUP\herman]:
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
Try "help" to get a list of possible commands.
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
  .                                   D        0  Mon Apr  3 08:55:28 2023
  ..                                  D        0  Thu Aug  4 13:57:07 2022
  .dillo                             DH        0  Thu Nov 17 18:08:47 2022
  rpmbuild                            D        0  Sun Aug 16 11:16:34 2020
  idkaartherman.jpg                   N   235947  Thu Sep 23 17:27:46 2010
  Watteeuw-2020-08-29-14-22-33.gramps      N   678052  Sat Aug 29 14:22:37 2020
  kerst2015nedklein.ppsx              N  1514274  Fri Dec 25 20:05:05 2015
  .audacity-data                     DH        0  Sat Jan 21 09:22:15 2023
  .qareporc                           H      123  Fri Feb  5 15:51:00 2021
  .gnucash                           DH        0  Sun Dec 29 11:33:23 2019
  ipv6.html                           N    22650  Tue Dec 29 12:35:25 2009
  CV muzikaal.odt                     N    11374  Sat May 28 09:04:16 2016
etc.......
		607542464 blocks of size 1024. 182832492 blocks available
smb: \> quit

Repeated same smbclient test from my desktop PC to this new server, with similar results.
So samba is OK for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 6 David Walser 2023-04-05 02:19:58 CEST
Freeze move has been done.

(In reply to David Walser from comment #3)
> Buchan, any news on the CVEs in Bug 31346?

Ping.
Comment 7 Thomas Andrews 2023-04-06 18:42:55 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 8 David Walser 2023-04-06 19:43:18 CEST
(In reply to David Walser from comment #6)
> (In reply to David Walser from comment #3)
> > Buchan, any news on the CVEs in Bug 31346?
> 
> Ping.

Ping Buchan...
Dave Hodgins 2023-04-06 20:55:32 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 9 Mageia Robot 2023-04-06 23:21:43 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0127.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

