The Samba team has issued new advisories and released new patch releases of samba-4.16 (4.16.11), 4.17 (4.17.10) and 4.18 (4.18.5). https://www.samba.org/samba/security/CVE-2023-34967.html https://www.samba.org/samba/security/CVE-2022-2127.html https://www.samba.org/samba/security/CVE-2023-34968.html https://www.samba.org/samba/security/CVE-2023-34966.html https://www.samba.org/samba/security/CVE-2023-3347.html I have uploaded 4.16.11 to core/updates_testing for 8, and 4.17.10 for cauldron. Please test 4.16.11 for core/updates_testing The resulted packages can be found at the end of the build logs: e.g. from http://pkgsubmit.mageia.org/uploads/done/8/core/updates_testing/20230731195208.buchan.duvel.1006327/samba-4.16.11-1.mga8/build.x86_64.0.20230731195302.log : ctdb-4.16.11-1.mga8.x86_64.rpm ctdb-debuginfo-4.16.11-1.mga8.x86_64.rpm lib64samba1-4.16.11-1.mga8.x86_64.rpm lib64samba1-debuginfo-4.16.11-1.mga8.x86_64.rpm lib64samba-dc0-4.16.11-1.mga8.x86_64.rpm lib64samba-dc0-debuginfo-4.16.11-1.mga8.x86_64.rpm lib64samba-devel-4.16.11-1.mga8.x86_64.rpm lib64samba-test0-4.16.11-1.mga8.x86_64.rpm lib64samba-test0-debuginfo-4.16.11-1.mga8.x86_64.rpm lib64smbclient0-4.16.11-1.mga8.x86_64.rpm lib64smbclient0-debuginfo-4.16.11-1.mga8.x86_64.rpm lib64smbclient-devel-4.16.11-1.mga8.x86_64.rpm lib64wbclient0-4.16.11-1.mga8.x86_64.rpm lib64wbclient0-debuginfo-4.16.11-1.mga8.x86_64.rpm lib64wbclient-devel-4.16.11-1.mga8.x86_64.rpm python3-samba-4.16.11-1.mga8.x86_64.rpm python3-samba-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-4.16.11-1.mga8.x86_64.rpm samba-client-4.16.11-1.mga8.x86_64.rpm samba-client-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-common-4.16.11-1.mga8.x86_64.rpm samba-common-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-dc-4.16.11-1.mga8.x86_64.rpm samba-dc-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-debugsource-4.16.11-1.mga8.x86_64.rpm samba-krb5-printing-4.16.11-1.mga8.x86_64.rpm samba-krb5-printing-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-test-4.16.11-1.mga8.x86_64.rpm samba-test-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-winbind-4.16.11-1.mga8.x86_64.rpm samba-winbind-clients-4.16.11-1.mga8.x86_64.rpm samba-winbind-clients-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-winbind-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-winbind-krb5-locator-4.16.11-1.mga8.x86_64.rpm samba-winbind-krb5-locator-debuginfo-4.16.11-1.mga8.x86_64.rpm samba-winbind-modules-4.16.11-1.mga8.x86_64.rpm samba-winbind-modules-debuginfo-4.16.11-1.mga8.x86_64.rpm
QA Contact: (none) => securityComponent: RPM Packages => SecurityWhiteboard: (none) => MGA9TOO
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Ref bugs 31735 and 29641 for testing Made sure smb server is running # systemctl start smb # systemctl -l status smb ● smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2023-08-02 13:10:35 CEST; 15s ago Docs: man:smbd(8) man:samba(7) man:smb.conf(5) Main PID: 11467 (smbd) Status: "smbd: ready to serve connections..." Tasks: 3 (limit: 4364) Memory: 7.4M CPU: 421ms CGroup: /system.slice/smb.service ├─11467 /usr/sbin/smbd --foreground --no-process-group ├─11470 /usr/sbin/smbd --foreground --no-process-group └─11471 /usr/sbin/smbd --foreground --no-process-group Aug 02 13:10:33 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon... Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: [2023/08/02 13:10:33.765568, 0] ../../source3/smbd/server.c:1741> Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: smbd version 4.16.11 started. Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: Copyright Andrew Tridgell and the Samba Team 1992-2022 Aug 02 13:10:35 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon. Configure in MCC basic smb shares and user. Then as normal user, test connection to Samba server on my desktop PC: # systemctl -l status smb ● smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2023-08-02 13:10:35 CEST; 15s ago Docs: man:smbd(8) man:samba(7) man:smb.conf(5) Main PID: 11467 (smbd) Status: "smbd: ready to serve connections..." Tasks: 3 (limit: 4364) Memory: 7.4M CPU: 421ms CGroup: /system.slice/smb.service ├─11467 /usr/sbin/smbd --foreground --no-process-group ├─11470 /usr/sbin/smbd --foreground --no-process-group └─11471 /usr/sbin/smbd --foreground --no-process-group Aug 02 13:10:33 mach7.hviaene.thuis systemd[1]: Starting Samba SMB Daemon... Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: [2023/08/02 13:10:33.765568, 0] ../../source3/smbd/server.c:1741> Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: smbd version 4.16.11 started. Aug 02 13:10:33 mach7.hviaene.thuis smbd[11467]: Copyright Andrew Tridgell and the Samba Team 1992-2022 Aug 02 13:10:35 mach7.hviaene.thuis systemd[1]: Started Samba SMB Daemon. $ smbclient //mach1/herman -U herman Password for [MYGROUP\herman]: Try "help" to get a list of possible commands. smb: \> pwd Current directory is \\mach1\herman\ smb: \> ls . D 0 Wed Aug 2 09:34:37 2023 .. D 0 Thu Aug 4 13:57:07 2022 .dillo DH 0 Thu Nov 17 18:08:47 2022 rpmbuild D 0 Sun Aug 16 11:16:34 2020 idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010 Watteeuw-2020-08-29-14-22-33.gramps N 678052 Sat Aug 29 14:22:37 2020 kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015 .audacity-data DH 0 Sat Jan 21 09:22:15 2023 .qareporc H 123 Fri Feb 5 15:51:00 2021 .gnucash DH 0 Sun Dec 29 11:33:23 2019 ipv6.html N 22650 Tue Dec 29 12:35:25 2009 CV muzikaal.odt N 11374 Sat May 28 09:04:16 2016 Picture1.jpg N 118784 Tue Dec 29 12:35:24 2009 atl.dll N 73785 Tue Dec 29 12:35:24 2009 IP-Masquerade-HOWTO-5.html N 22228 Tue Dec 29 12:35:24 2009 montage.pdf N 5889267 Fri Jan 10 09:31:57 2014 vis.mp3 N 160344 Tue Dec 29 12:35:25 2009 index.php N 72003 Tue Dec 29 12:35:25 2009 DATA D 0 Mon Jul 27 11:15:39 2020 .VirtualBox DH 0 Fri Jul 7 14:16:33 2023 oraInventory D 0 Sun May 13 17:16:34 2018 audacity2.0-herman D 0 Mon Jul 27 11:14:53 2020 etc...... smb: \> quit Repeated same smbclient test from my desktop PC to this new server, with similar results. So samba is OK for me.
CC: (none) => herman.viaeneWhiteboard: MGA9TOO => MGA8TOO MGA9TOO MGA8-64-OK
Release notes for the fixed versions: https://www.samba.org/samba/history/samba-4.16.11.html https://www.samba.org/samba/history/samba-4.17.10.html Note that CVE-2023-3347 only affects Cauldron. Cauldron hasn't been updated (there's an update in testing but it hasn't been pushed to release).
Version: 8 => Cauldron
I suppose the version to be tested for M9 is 4.17.10 ?????
Same tests as in Comment 1 for 4.17.10 # systemctl start smb # systemctl -l status smb ● smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; preset: disabled) Active: active (running) since Fri 2023-08-11 14:07:38 CEST; 20s ago Docs: man:smbd(8) man:samba(7) man:smb.conf(5) Main PID: 43411 (smbd) Status: "smbd: ready to serve connections..." Tasks: 3 (limit: 4317) Memory: 7.5M CPU: 442ms CGroup: /system.slice/smb.service ├─43411 /usr/sbin/smbd --foreground --no-process-group ├─43415 /usr/sbin/smbd --foreground --no-process-group └─43416 /usr/sbin/smbd --foreground --no-process-group Aug 11 14:07:33 mach7.hviaene.thuis systemd[1]: Starting smb.service... Aug 11 14:07:37 mach7.hviaene.thuis smbd[43411]: [2023/08/11 14:07:37.740170, 0] ../../source3/smbd/server.c:1> Aug 11 14:07:37 mach7.hviaene.thuis smbd[43411]: smbd version 4.17.10 started. Aug 11 14:07:37 mach7.hviaene.thuis smbd[43411]: Copyright Andrew Tridgell and the Samba Team 1992-2022 Aug 11 14:07:38 mach7.hviaene.thuis systemd[1]: Started smb.service. Then as normal user, test connection to Samba server on my desktop PC: $ smbclient //mach1/herman -U herman Password for [WORKGROUP\herman]: Try "help" to get a list of possible commands. smb: \> pwd Current directory is \\mach1\herman\ smb: \> ls . D 0 Fri Aug 11 08:38:30 2023 .. D 0 Thu Aug 4 13:57:07 2022 .dillo DH 0 Thu Nov 17 18:08:47 2022 rpmbuild D 0 Sun Aug 16 11:16:34 2020 idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010 Watteeuw-2020-08-29-14-22-33.gramps N 678052 Sat Aug 29 14:22:37 2020 kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015 .audacity-data DH 0 Sat Jan 21 09:22:15 2023 .qareporc H 123 Fri Feb 5 15:51:00 2021 .gnucash DH 0 Sun Dec 29 11:33:23 2019 ipv6.html N 22650 Tue Dec 29 12:35:25 2009 CV muzikaal.odt N 11374 Sat May 28 09:04:16 2016 Picture1.jpg N 118784 Tue Dec 29 12:35:24 2009 atl.dll N 73785 Tue Dec 29 12:35:24 2009 IP-Masquerade-HOWTO-5.html N 22228 Tue Dec 29 12:35:24 2009 montage.pdf N 5889267 Fri Jan 10 09:31:57 2014 vis.mp3 N 160344 Tue Dec 29 12:35:25 2009 index.php N 72003 Tue Dec 29 12:35:25 2009 DATA D 0 Mon Jul 27 11:15:39 2020 .VirtualBox DH 0 Fri Jul 7 14:16:33 2023 etc.... smb: \> quit Repeated same smbclient test from my desktop PC to this new server, with similar results. Samba OK for this version in M9. Note: I didn't see 4.18.5 in Core/Updates/Testing
Whiteboard: MGA8TOO MGA9TOO MGA8-64-OK => MGA8TOO MGA9TOO MGA8-64-OK MGA9-64-OK
> I suppose the version to be tested for M9 is 4.17.10 ????? Yes. > Note: I didn't see 4.18.5 in Core/Updates/Testing Cauldron has been in version freeze since 4.18.0 was released, so we won't upgrade to 4.18 (maybe 4.19?) until Cauldron re-opens. Thank you for testing.
Status: NEW => ASSIGNED
Cauldron/mga9 packages moved to release
Version: Cauldron => 8
Whiteboard: MGA8TOO MGA9TOO MGA8-64-OK MGA9-64-OK => MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0247.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED