Bug 54370 - samba: Multiple issues (4.4)
samba: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-8-errata
Assigned To: Erik Damrose
Julia Bremer
:
Depends on: 54369
Blocks:
  Show dependency treegraph
 
Reported: 2022-01-24 10:52 CET by Erik Damrose
Modified: 2022-03-21 12:03 CET (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C


Attachments
advisory (660 bytes, application/x-yaml)
2022-01-26 15:49 CET, Erik Damrose
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Damrose univentionstaff 2022-01-24 10:52:03 CET
Check backport to 4.4-8

+++ This bug was initially created as a clone of Bug #54369 +++

Security update scheduled for January 31st 2022.

* https://bugzilla.samba.org/show_bug.cgi?id=14911 
UNIX extensions in SMB1 disclose whether the outside target of a symlink exists (CVE-2021-44141)
CVSS:AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:N/MAC:L/MPR:L/MUI:N/MS:U/MC:H/MI:N/MA:N Base score 4.2.

* https://bugzilla.samba.org/show_bug.cgi?id=14950
Re-adding an SPN skips subsequent SPN conflict checks (CVE-2022-0336)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base score 8.8.

* https://bugzilla.samba.org/show_bug.cgi?id=14914
Out-of-Bound Read/Write on Samba vfs_fruit module  (CVE-2021-44142)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C Base score 9.9.
-> The module is not enabled by default on UCS
Comment 1 Erik Damrose univentionstaff 2022-01-25 18:44:13 CET
Same as on bug 54369, CVE-2021-44141 patch differs to much, is too invasive and cannot be backported to samba 4.13. This is the same issue we had with the previous fix at bug 54015. Upstream bug mentions that other vendors have the same issue and will not backport this fix.

Patches for the other issues added in svn r19510
98_CVE-2021-44142-v4.11.14-bug-14914.quilt (tests had to be deactivated in order to compile samba successfully)
98_CVE-2022-0336-v4-12-bug-14950.quilt

samba 2:4.10.18-1A~4.4.0.202201251735
Comment 2 Erik Damrose univentionstaff 2022-01-26 15:49:03 CET
Created attachment 10908 [details]
advisory
Comment 3 Julia Bremer univentionstaff 2022-01-27 16:17:12 CET
Patches applied: OK
Advisory: OK
Automatic Tests: OK
Verified