Samba has issued advisories on March 29:
https://www.samba.org/samba/security/CVE-2023-0225.html
https://www.samba.org/samba/security/CVE-2023-0922.html
https://www.samba.org/samba/security/CVE-2023-0614.html

The issues are fixed upstream in 4.17.7 and 4.16.10:
https://www.samba.org/samba/history/samba-4.17.7.html
https://www.samba.org/samba/history/samba-4.16.10.html

Mageia 8 is also affected by CVE-2023-0922 and CVE-2023-0614.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 4.16.10 and 4.17.7
Blocks: (none) => 31346
SUSE has issued an advisory for this on March 29:
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014245.html

The CVE-2023-0614 fix is in ldb.
Summary: samba new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614 => samba, ldb new security issues CVE-2023-0225, CVE-2023-0922, and CVE-2023-0614
Source RPM: (none) => ldb-2.6.1-1.mga9.src.rpm, samba-4.17.5-2.mga9.src.rpm
I have uploaded ldb-2.5.3 and samba-4.16.10 for MGA8 to updates_testing

RPMS:

From ldb-2.5.3-1.mga8.src.rpm:
ldb-debuginfo-2.5.3-1.mga8.x86_64.rpm
ldb-debugsource-2.5.3-1.mga8.x86_64.rpm
ldb-utils-2.5.3-1.mga8.x86_64.rpm
ldb-utils-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64ldb2-2.5.3-1.mga8.x86_64.rpm
lib64ldb2-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64ldb-devel-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util2-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util2-debuginfo-2.5.3-1.mga8.x86_64.rpm
lib64pyldb-util-devel-2.5.3-1.mga8.x86_64.rpm
python3-ldb-2.5.3-1.mga8.x86_64.rpm
python3-ldb-debuginfo-2.5.3-1.mga8.x86_64.rpm

From samba-4.16.10-1.mga8.src.rpm:
ctdb-4.16.10-1.mga8.x86_64.rpm
ctdb-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba1-4.16.10-1.mga8.x86_64.rpm
lib64samba1-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba-dc0-4.16.10-1.mga8.x86_64.rpm
lib64samba-dc0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64samba-devel-4.16.10-1.mga8.x86_64.rpm
lib64samba-test0-4.16.10-1.mga8.x86_64.rpm
lib64samba-test0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64smbclient0-4.16.10-1.mga8.x86_64.rpm
lib64smbclient0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64smbclient-devel-4.16.10-1.mga8.x86_64.rpm
lib64wbclient0-4.16.10-1.mga8.x86_64.rpm
lib64wbclient0-debuginfo-4.16.10-1.mga8.x86_64.rpm
lib64wbclient-devel-4.16.10-1.mga8.x86_64.rpm
python3-samba-4.16.10-1.mga8.x86_64.rpm
python3-samba-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-4.16.10-1.mga8.x86_64.rpm
samba-client-4.16.10-1.mga8.x86_64.rpm
samba-client-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-common-4.16.10-1.mga8.x86_64.rpm
samba-common-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-dc-4.16.10-1.mga8.x86_64.rpm
samba-dc-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-debugsource-4.16.10-1.mga8.x86_64.rpm
samba-krb5-printing-4.16.10-1.mga8.x86_64.rpm
samba-krb5-printing-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-test-4.16.10-1.mga8.x86_64.rpm
samba-test-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-4.16.10-1.mga8.x86_64.rpm
samba-winbind-clients-4.16.10-1.mga8.x86_64.rpm
samba-winbind-clients-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-4.16.10-1.mga8.x86_64.rpm
samba-winbind-krb5-locator-debuginfo-4.16.10-1.mga8.x86_64.rpm
samba-winbind-modules-4.16.10-1.mga8.x86_64.rpm
samba-winbind-modules-debuginfo-4.16.10-1.mga8.x86_64.rpm

Updates for cauldron are in progress.
Assignee: bgmilne => qa-bugs
CC: (none) => bgmilne
Status: NEW => ASSIGNED
ldb-2.6.2-1.mga9 and samba-4.17.7-1.mga9 pending freeze move for Cauldron.

Buchan, any news on the CVEs in Bug 31346?

Mageia 8 update:
libldb2-2.5.3-1.mga8
ldb-utils-2.5.3-1.mga8
python3-ldb-2.5.3-1.mga8
libldb-devel-2.5.3-1.mga8
libpyldb-util-devel-2.5.3-1.mga8
libpyldb-util2-2.5.3-1.mga8
libsamba1-4.16.10-1.mga8
python3-samba-4.16.10-1.mga8
samba-dc-4.16.10-1.mga8
samba-test-4.16.10-1.mga8
ctdb-4.16.10-1.mga8
samba-4.16.10-1.mga8
samba-client-4.16.10-1.mga8
libsamba-dc0-4.16.10-1.mga8
samba-common-4.16.10-1.mga8
libsamba-devel-4.16.10-1.mga8
samba-winbind-4.16.10-1.mga8
samba-winbind-modules-4.16.10-1.mga8
libsmbclient0-4.16.10-1.mga8
samba-winbind-clients-4.16.10-1.mga8
libsmbclient-devel-4.16.10-1.mga8
libwbclient0-4.16.10-1.mga8
libsamba-test0-4.16.10-1.mga8
libwbclient-devel-4.16.10-1.mga8
samba-krb5-printing-4.16.10-1.mga8
samba-winbind-krb5-locator-4.16.10-1.mga8

from SRPMS:
ldb-2.5.3-1.mga8.src.rpm
samba-4.16.10-1.mga8.src.rpm
Version: Cauldron => 8
Status comment: Fixed upstream in 4.16.10 and 4.17.7 => (none)
Whiteboard: MGA8TOO => (none)
ldb-2.6.2-1.mga9 and samba-4.17.7-1.mga9 are in core/updates_testing for cauldron, due to version freeze. I have requested that they be moved to core/release.
MGA8-64 MATE on Acer Aspire 5253.
No installation issues with list from Comment 2.
Ref bug 29641 for testing.
Made sure smb server is running:

# systemctl start smb
# systemctl -l status smb
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2023-04-03 16:10:51 CEST; 14s ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 9343 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 3 (limit: 4364)
     Memory: 6.8M
        CPU: 396ms
     CGroup: /system.slice/smb.service
             ├─9343 /usr/sbin/smbd --foreground --no-process-group
             ├─9347 /usr/sbin/smbd --foreground --no-process-group
             └─9348 /usr/sbin/smbd --foreground --no-process-group

Apr 03 16:10:47 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon...
Apr 03 16:10:51 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon.

Configure in MCC basic smb shares and user.
Then as normal user, test connection to Samba server on my desktop PC:

$ smbclient //mach1/herman -U herman
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
Password for [TESTGROUP\herman]:
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
smbclient: Ignoring: /etc/krb5.conf:1: binding before section
Try "help" to get a list of possible commands.
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
  .                                   D        0  Mon Apr  3 08:55:28 2023
  ..                                  D        0  Thu Aug  4 13:57:07 2022
  .dillo                             DH        0  Thu Nov 17 18:08:47 2022
  rpmbuild                            D        0  Sun Aug 16 11:16:34 2020
  idkaartherman.jpg                   N   235947  Thu Sep 23 17:27:46 2010
  Watteeuw-2020-08-29-14-22-33.gramps N   678052  Sat Aug 29 14:22:37 2020
  kerst2015nedklein.ppsx              N  1514274  Fri Dec 25 20:05:05 2015
  .audacity-data                     DH        0  Sat Jan 21 09:22:15 2023
  .qareporc                           H      123  Fri Feb  5 15:51:00 2021
  .gnucash                           DH        0  Sun Dec 29 11:33:23 2019
  ipv6.html                           N    22650  Tue Dec 29 12:35:25 2009
  CV muzikaal.odt                     N    11374  Sat May 28 09:04:16 2016
etc.......
		607542464 blocks of size 1024. 182832492 blocks available
smb: \> quit

Repeated same smbclient test from my desktop PC to this new server, with similar results.
So samba is OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Freeze move has been done.

(In reply to David Walser from comment #3)
> Buchan, any news on the CVEs in Bug 31346?

Ping.
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
(In reply to David Walser from comment #6)
> (In reply to David Walser from comment #3)
> > Buchan, any news on the CVEs in Bug 31346?
>
> Ping.

Ping Buchan...
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0127.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
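Added example (not part of the bug report or of Mageia's tooling): a POSIX shell check that compares package name-version-release strings against the fixed versions named in this thread (ldb 2.5.3 / samba 4.16.10 for Mageia 8, ldb 2.6.2 / samba 4.17.7 for Cauldron). The function names and the sample input are constructed for illustration, and it assumes the package version reflects the fix, as it does for this rebase-style update.

```shell
# Fixed versions named in the thread, per source package and Mageia release.
fixed_version() {            # $1 = ldb|samba, $2 = mga8|mga9
  case "$1:$2" in
    ldb:mga8) echo 2.5.3 ;;  samba:mga8) echo 4.16.10 ;;
    ldb:mga9) echo 2.6.2 ;;  samba:mga9) echo 4.17.7 ;;
    *) return 1 ;;
  esac
}

# True when dotted numeric version $1 >= $2, compared field by field
# (so 4.16.10 sorts above 4.16.9, which a plain string comparison gets wrong).
version_ge() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  return 0
}

# 0 = at or above the fix, 1 = below the fix, 2 = not an ldb/samba mga8/mga9 package.
check_nvr() {
  nvr=${1%.rpm}; rel=${nvr##*-}; rest=${nvr%-*}
  ver=${rest##*-}; name=${rest%-*}
  case "$ver" in ''|*[!0-9.]*) return 2 ;; esac
  case "$rel" in *.mga8*) dist=mga8 ;; *.mga9*) dist=mga9 ;; *) return 2 ;; esac
  case "$name" in   # name patterns derived from the package lists in this thread
    ldb-*|lib*ldb[0-9]*|lib*ldb-devel|lib*pyldb-util*|python3-ldb*) src=ldb ;;
    ctdb*|samba*|lib*samba*|lib*smbclient*|lib*wbclient*|python3-samba*) src=samba ;;
    *) return 2 ;;
  esac
  want=$(fixed_version "$src" "$dist") || return 2
  version_ge "$ver" "$want"
}

# Read one package per line (for example from `rpm -qa`) and label each.
audit() {
  while read -r p; do
    rc=0; check_nvr "$p" || rc=$?
    case $rc in 0) s=fixed ;; 1) s=BELOW-FIX ;; *) s=not-covered ;; esac
    printf '%-42s %s\n' "$p" "$s"
  done
}

# Sample run: first name is from the thread, second is a constructed older build.
printf '%s\n' samba-4.17.5-2.mga9 samba-client-4.16.9-1.mga8 | audit
```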