Bug 40853 - Samba: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
Importance: P4 normal
Target Milestone: UCS 3.2-8-errata
Assigned To: Arvid Requate
Felix Botner
Reported: 2016-03-07 21:18 CET by Arvid Requate
Modified: 2016-03-08 18:00 CET (History)

Bug group (optional): Security
requate: Patch_Available+
Description Arvid Requate univentionstaff 2016-03-07 21:18:02 CET
The patch for CVE-2015-5252 introduced via Bug 40223 causes a regression for the special share path "/", see https://bugzilla.samba.org/show_bug.cgi?id=11647.


Additionally, there will be a security update on the 8th of March, currently embargoed:

* Getting and setting Windows ACLs on symlinks can change permissions on link target (CVE-2015-7560)
Comment 1 Arvid Requate univentionstaff 2016-03-07 21:52:36 CET
Unfortunately 99_sambabug11647.patch doesn't work with repo-ng + dpkg-buildpackage + quilt, apparently because it adjusts changes that 99_sambabug11395.patch has made. It's somehow related to patch order but I was unable to find a workaround in reasonable time. Since the issue is a corner case and not security related, we'll leave it at that currently. It's more important to get the CVE-2015-7560 fix out in a timely fashion.

Advisory: samba.yaml
Comment 2 Arvid Requate univentionstaff 2016-03-07 22:05:18 CET
The build failed again.
Comment 3 Arvid Requate univentionstaff 2016-03-07 22:19:57 CET
I adjusted part7 and part8 of the patch for CVE-2015-7560. This is necessary because this upstream change is missing in UCS: https://git.samba.org/?p=samba.git;a=commit;h=569a4e10d9e063f79ed51a4381df80c19904d9bd

Advisory updated.
Comment 4 Arvid Requate univentionstaff 2016-03-08 12:55:43 CET
Another patch had to be backported; I called it 99_CVE-2015-7560-part0.patch.

Advisory updated.
Comment 5 Felix Botner univentionstaff 2016-03-08 16:52:48 CET
OK - built with patches
OK - installation
OK - simple samba tests (windows join, share access)
OK - ucs-test samba4

OK - YAML
Comment 6 Janek Walkenhorst univentionstaff 2016-03-08 18:00:48 CET
<http://errata.software-univention.de/ucs/3.2/408.html>