Bug 915867 (CVE-2023-5568) - <net-fs/samba-4.19.2: multiple vulnerabilities
Status: UNCONFIRMED
Alias: CVE-2023-5568
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: https://www.samba.org/samba/history/s...
Whiteboard: C3 [stable?]
Reported: 2023-10-16 20:58 UTC by Krzysztof Olędzki
Modified: 2023-10-23 04:48 UTC
Runtime testing required: ---

Description Krzysztof Olędzki 2023-10-16 20:58:01 UTC
                   ==============================
                   Release Notes for Samba 4.19.2
                          October 16, 2023
                   ==============================


This is the latest stable release of the Samba 4.19 release series.


Changes since 4.19.1
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown
     after failed IPC FSCTL_PIPE_TRANSCEIVE.
   * BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown()
     call.

o  Ralph Boehme <slow@samba.org>
   * BUG 15463: macOS mdfind returns only 50 results.

o  Volker Lendecke <vl@samba.org>
   * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
     previous cache entry value.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
     impacts sendmail, zabbix, potentially more.

o  Martin Schwenke <mschwenke@ddn.com>
   * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the
     Heimdal KDC in Samba 4.19
   * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
     in use.
Comment 1 Krzysztof Olędzki 2023-10-16 20:58:19 UTC
CVE-2023-5568: https://bugzilla.samba.org/show_bug.cgi?id=15491
Comment 2 Krzysztof Olędzki 2023-10-16 21:03:11 UTC
Looking at https://bugzilla.samba.org/show_bug.cgi?id=15491, we probably don't need a GLSA, but both samba-4.19.0-r1.ebuild and samba-4.19.1.ebuild should be dropped once samba-4.19.2.ebuild gets added.


Especially that another important change in this release is fixing https://bugzilla.samba.org/show_bug.cgi?id=15464: libnss_winbind memory corruption. For samba-4.18 it was fixed in samba-4.18.8 which was released a week ago, but for samba-4.19 this is the first usable version for systems using libnss_winbind.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-17 19:52:18 UTC
I really think you should consider proxy maintaining this given you're on top of what needs to be done.
Comment 4 Larry the Git Cow gentoo-dev 2023-10-18 12:25:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75c0e03f350aa2025ba1b08171fcad66522614b8

commit 75c0e03f350aa2025ba1b08171fcad66522614b8
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2023-10-18 12:24:44 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2023-10-18 12:25:33 +0000

    net-fs/samba: add 4.19.2
    
    Bug: https://bugs.gentoo.org/915867
    
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-fs/samba/Manifest            |   1 +
 net-fs/samba/samba-4.19.2.ebuild | 382 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 383 insertions(+)