| Summary: | <net-fs/samba-4.5.16: multiple vulnerabilities (CVE-2018-{1050,1057}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | samba |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [glsa+ cve] | | |
| Package list: | =net-fs/samba-4.5.16 =sys-libs/ldb-1.1.29-r1 =sys-libs/tdb-1.3.13 =sys-libs/tevent-0.9.31-r1 =sys-libs/talloc-2.1.9 =net-dns/resolv_wrapper-1.1.5 =net-libs/socket_wrapper-1.1.7 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | | | |
| Bug Blocks: | 619516, 639024 | | |

Description
GLSAMaker/CVETool Bot
2018-03-13 12:24:50 UTC
CVE-2018-1057 requires net-fs/samba[addc] and can be mitigated by revoking the change passwords right for everyone from all user objects (including computers) in the directory. Note that this will prevent users from being able to change their own expired passwords, so the maximum password age should be set to a value that prevents user passwords from expiring while the workaround is in place.

commit 3ca0d7eafa0c269fe1ba2f598b2fa1d7aac796e9
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Tue Mar 13 11:53:37 2018

net-fs/samba: Security bump to versions 4.5.16, 4.6.14 and 4.7.6

Package-Manager: Portage-2.3.24, Repoman-2.3.6

An automated check of this bug failed - repoman reported dependency errors (51 lines truncated):
> dependency.bad net-fs/samba/samba-4.5.16.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=sys-libs/ldb-1.1.27[ldap(+)?,python(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/talloc-2.1.8[python,python_targets_python2_7(-)?,-python_single_target_jython2_7(-),-python_single_target_pypy(-),-python_single_target_pypy3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-),python_single_target_python2_7(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/tdb-1.3.10[python,python_targets_python2_7(-)?,-python_single_target_jython2_7(-),-python_single_target_pypy(-),-python_single_target_pypy3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-),python_single_target_python2_7(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/tevent-0.9.31-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=net-dns/resolv_wrapper-1.1.4', '>=net-libs/socket_wrapper-1.1.7']
> dependency.bad net-fs/samba/samba-4.5.16.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=sys-libs/ldb-1.1.27[ldap(+)?,python(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/talloc-2.1.8[python,python_targets_python2_7(-)?,-python_single_target_jython2_7(-),-python_single_target_pypy(-),-python_single_target_pypy3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-),python_single_target_python2_7(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/tdb-1.3.10[python,python_targets_python2_7(-)?,-python_single_target_jython2_7(-),-python_single_target_pypy(-),-python_single_target_pypy3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-),python_single_target_python2_7(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/tevent-0.9.31-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.badindev net-fs/samba/samba-4.5.16.ebuild: DEPEND: arm(default/linux/arm/13.0/armv4) ['>=sys-libs/ldb-1.1.27[ldap(+)?,python(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/talloc-2.1.8[python,python_targets_python2_7(-)?,-python_single_target_jython2_7(-),-python_single_target_pypy(-),-python_single_target_pypy3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-),python_single_target_python2_7(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/tdb-1.3.10[python,python_targets_python2_7(-)?,-python_single_target_jython2_7(-),-python_single_target_pypy(-),-python_single_target_pypy3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-),python_single_target_python2_7(+),abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=sys-libs/tevent-0.9.31-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=net-dns/resolv_wrapper-1.1.4', '>=net-libs/socket_wrapper-1.1.7']

@arches: Test suite will most likely fail. Just do a compile check.

An automated check of this bug succeeded - the previous repoman errors are now resolved.

x86 stable

amd64 stable

commit 678b0b2821c90defe2796a02b8206ad386311e88
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Wed Mar 14 19:34:55 2018 +0100

net-fs/samba: stable 4.5.16 for sparc, bug #650382

ia64 stable

ppc/ppc64 stable

alpha stable

Cc'ing hppa@

actually, since hppa has no keywords we don't need to block security. I'll just stabilize this at some point later.

arm stable

(In reply to Matt Turner from comment #13)
> actually, since hppa has no keywords we don't need to block security. I'll
> just stabilize this at some point later.

hppa has keywords on 4.5.16 and is stable on 4.2.14.

hppa is now exp.

@maintainer(s), please clean vulnerable.

This issue was resolved and addressed in GLSA 201805-07 at https://security.gentoo.org/glsa/201805-07 by GLSA coordinator Aaron Bauman (b-man).
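
Added example (not part of this bug report and not Samba or Gentoo code): a check for the CVE-2018-1057 workaround given in the description, listing objects whose security descriptor still grants the change-password control access right to Everyone. It assumes the descriptors were already exported as SDDL strings and reads "everyone" as the World SID (WD / S-1-1-0); the function names, sample DNs and descriptors are constructed for illustration.

```python
import re

# User-Change-Password control access right (Active Directory schema GUID).
CHANGE_PASSWORD_GUID = "ab721a53-1e2f-11d0-9819-00aa0040529b"
EVERYONE = {"WD", "S-1-1-0"}   # SDDL alias and SID; assumed meaning of "everyone"
CONTROL_ACCESS = 0x100         # ADS_RIGHT_DS_CONTROL_ACCESS, written "CR" in SDDL

def two_letter(codes):  # 'RPWPCR' -> ['RP', 'WP', 'CR']
    return re.findall("..", codes)

def grants_control_access(rights):
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & CONTROL_ACCESS)
    return "CR" in two_letter(rights)

def world_change_password_aces(sddl):
    """Return DACL ACEs letting Everyone change passwords (empty GUID = all rights)."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    hits = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        ace_type, flags, rights, obj, _inherit, trustee = fields[:6]
        if trustee not in EVERYONE or "IO" in two_letter(flags):
            continue   # other trustee, or inherit-only (not effective on this object)
        if ace_type not in ("A", "OA") or not grants_control_access(rights):
            continue
        if obj == "" or obj.lower() == CHANGE_PASSWORD_GUID:
            hits.append(ace)
    return hits

def audit(objects):
    """Map DN -> offending ACEs for objects that still need the workaround."""
    found = {dn: world_change_password_aces(s) for dn, s in objects.items()}
    return {dn: aces for dn, aces in found.items() if aces}

# Constructed sample descriptors (not taken from a real directory).
SAMPLE = {
    "CN=alice,CN=Users,DC=example,DC=test":
        "O:DAG:DAD:AI(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)"
        "(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(A;;RPWPCR;;;DA)",
    "CN=bob,CN=Users,DC=example,DC=test":
        "O:DAG:DAD:AI(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)"
        "S:AI(AU;SA;CR;;;WD)",
    "CN=HOST1,CN=Computers,DC=example,DC=test":
        "O:DAG:DAD:(OA;;0x100;AB721A53-1E2F-11D0-9819-00AA0040529B;;S-1-1-0)",
}

print(audit(SAMPLE))
```

Only explicit allow ACEs carrying the control access bit are checked; generic rights and deny ACEs are outside what this sketch evaluates.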