Bug 43679 - Samba: Multiple issues (3.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 3.3
Platform: Other Linux
Importance: P1 normal
Target Milestone: UCS 3.3-1-errata
Assigned To: Arvid Requate
QA Contact: Felix Botner
Depends on: 43678
Blocks:
Reported: 2017-03-01 10:57 CET by Arvid Requate
Modified: 2017-03-23 13:25 CET (History)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:


Attachments
* 4.4-racefix.diff (21.70 KB, patch), 2017-03-06 21:13 CET, Arvid Requate
* 99_sambabug12387.quilt (1.32 KB, application/mbox), 2017-03-16 20:55 CET, Arvid Requate
* 99_sambabug12499.quilt (1.11 KB, application/mbox), 2017-03-16 20:56 CET, Arvid Requate
* 99_sambabug12531.quilt (76.73 KB, application/mbox), 2017-03-16 21:01 CET, Arvid Requate
* 99_sambabug12546.quilt (1.84 KB, application/mbox), 2017-03-16 21:01 CET, Arvid Requate
* 99_sambabug12591.quilt (4.76 KB, application/mbox), 2017-03-16 21:02 CET, Arvid Requate
* 4-2-total-fix (111.03 KB, application/mbox), 2017-03-16 21:04 CET, Arvid Requate
* git-am fix for 4.3.13 (v3) (110.00 KB, application/mbox), 2017-03-20 15:04 CET, Arvid Requate

Description Arvid Requate univentionstaff 2017-03-01 10:57:24 CET
+++ This bug was initially created as a clone of Bug #43678 +++

A security update for Samba is planned. Deadline is 2017-03-29.

* Symlink race allows access outside share definition (CVE-2017-2619).

In UCS 3.3 we currently ship Samba 4.3.7.

As far as communicated, there will be backports for Samba 4.2, but there has been no mention of backports for 4.3. The 4.2 backports are announced to contain "a large set of supporting fixes".
Comment 4 Arvid Requate univentionstaff 2017-03-16 20:55:35 CET
Created attachment 8561 [details]
99_sambabug12387.quilt

Applies
Comment 5 Arvid Requate univentionstaff 2017-03-16 20:56:15 CET
Created attachment 8562 [details]
99_sambabug12499.quilt

Applies
Comment 6 Arvid Requate univentionstaff 2017-03-16 21:01:08 CET
Created attachment 8563 [details]
99_sambabug12531.quilt

Doesn't apply, due to differing paths and missing functions:

* source3/lib/util_path.c -> source3/lib/util.c
* source3/lib/util_path.h -> source3/include/proto.h
* function canonicalize_absolute_path doesn't exist yet in Samba 4.3.7
* maybe other things.

Maybe we can learn something from the 4-2-total-fix (I'll attach that below).
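The path mismatch described in comment 6, as an added example that is not part of the bug report or of Samba: a small POSIX shell helper that rewrites the two known file headers of a -p1 patch to the 4.3.7 layout and then counts which patch targets are still absent from the tree. The two path mappings are the ones from the comment; the tree, the patch and the file not_in_4.3.7.c are constructed for the demo, and a function missing inside an existing file (canonicalize_absolute_path) is not something this check can detect.

```shell
# Added example (not the bug's or Samba's code): rewrite ---/+++ headers of a -p1 patch
# to the 4.3.7 layout from comment 6 and report which target files are missing from the tree.
# new-tree path=Samba 4.3.7 path, as listed in comment 6 of this bug
PATH_MAP='source3/lib/util_path.c=source3/lib/util.c
source3/lib/util_path.h=source3/include/proto.h'

# rewrite_patch_paths IN OUT: only the file headers change, hunk bodies stay as they are
rewrite_patch_paths() {
    cp "$1" "$2"
    for m in $PATH_MAP; do
        from=${m%%=*}; to=${m#*=}
        sed -e "s|^--- a/$from\$|--- a/$to|" -e "s|^+++ b/$from\$|+++ b/$to|" \
            "$2" > "$2.tmp" && mv "$2.tmp" "$2"
    done
}

# count_missing_targets PATCH TREE: print how many +++ targets are missing from TREE
# (each one is named on stderr); a function missing inside an existing file is not seen
count_missing_targets() {
    n=0
    for f in $(sed -n 's|^+++ b/||p' "$1"); do
        [ -f "$2/$f" ] || { echo "missing in tree: $f" >&2; n=$((n + 1)); }
    done
    echo "$n"
}

# demo_setup DIR: constructed 4.3.7-like tree plus a constructed three-file patch
demo_setup() {
    mkdir -p "$1/tree/source3/lib" "$1/tree/source3/include"
    : > "$1/tree/source3/lib/util.c"; : > "$1/tree/source3/include/proto.h"
    cat > "$1/12531.patch" <<'EOF'
--- a/source3/lib/util_path.c
+++ b/source3/lib/util_path.c
@@ -0,0 +1 @@
+/* constructed hunk; hunk bodies are not rewritten */
--- a/source3/lib/util_path.h
+++ b/source3/lib/util_path.h
@@ -0,0 +1 @@
+/* constructed hunk */
--- a/source3/lib/not_in_4.3.7.c
+++ b/source3/lib/not_in_4.3.7.c
@@ -0,0 +1 @@
+/* no mapping for this file: manual work remains */
EOF
}

work=$(mktemp -d); demo_setup "$work"
echo "missing before: $(count_missing_targets "$work/12531.patch" "$work/tree")"
rewrite_patch_paths "$work/12531.patch" "$work/12531-4.3.7.patch"
echo "missing after:  $(count_missing_targets "$work/12531-4.3.7.patch" "$work/tree")"
```

The remaining count after the rewrite is the list of files that still need a manual mapping or a real dry run with `patch --dry-run` or `git apply --check` against the 4.3.7 tree.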
Comment 7 Arvid Requate univentionstaff 2017-03-16 21:01:38 CET
Created attachment 8564 [details]
99_sambabug12546.quilt

Applies
Comment 8 Arvid Requate univentionstaff 2017-03-16 21:02:31 CET
Created attachment 8565 [details]
99_sambabug12591.quilt

Applies
Comment 10 Arvid Requate univentionstaff 2017-03-17 21:41:09 CET
Ok, I've fiddled 99_sambabug12531.quilt through git-am and squashed it.
I've also sent the patch set for Samba 4.3.13 upstream.

errata3.3-1 Advisory: samba.yaml
Comment 11 Arvid Requate univentionstaff 2017-03-20 15:04:38 CET
Created attachment 8593 [details]
git-am fix for 4.3.13 (v3)

I've upstreamed this backported git-am patch series:
  https://bugzilla.samba.org/show_bug.cgi?id=12496#c142

Samba has been rebuilt and the advisory is updated.
Comment 12 Felix Botner univentionstaff 2017-03-22 18:35:02 CET
 OK patches
 OK update
 OK installation
 OK ucs install / join
 OK win join, logon
 OK user sync, password sync
 OK shares
 OK gpo
 OK patches
 OK printer
 OK YAML
Comment 13 Janek Walkenhorst univentionstaff 2017-03-23 13:06:50 CET
<http://errata.software-univention.de/ucs/3.3/31.html>