CVE-2019-10197 (https://nvd.nist.gov/vuln/detail/CVE-2019-10197): A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c17eeecbb77bd4261551766336a0e7a853fa490b
commit c17eeecbb77bd4261551766336a0e7a853fa490b
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-09-06 07:10:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-09-06 07:10:03 +0000
    net-fs/samba: Security bump to versions 4.9.13 and 4.10.8
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.75, Repoman-2.3.17
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
 net-fs/samba/Manifest            |   2 +
 net-fs/samba/samba-4.10.8.ebuild | 314 +++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.9.13.ebuild | 307 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 623 insertions(+)
@ maintainer(s): Please call for stabilization! Note that 4.11.1 is the first stable release, so I would suggest jumping to =net-fs/samba-4.11.1!
@ maintainers: ping.
What do you need from us? Stabilization is ongoing in bug 704998
(In reply to Ben Kohler from comment #4)
> What do you need from us? Stabilization is ongoing in bug 704998
Did not catch that a new bug had been filed (I had assumed that 4.9.x or 4.10.x could be stabilised with a fix). 4.11.x is fine.
*** Bug 712252 has been marked as a duplicate of this bug. ***
Tested on arm64 (=net-fs/samba-4.11.6-r2) at request of Soap with a few shares. Built and worked fine. Was not able to run tests due to RESTRICT in ebuild.
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 202003-52 at https://security.gentoo.org/glsa/202003-52 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
samba dropped to ~hppa, the remaining libs will be stabilized as needed. sparc stable.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6b3622c3f0671c5f53f415c461dd3792e6fb388
commit d6b3622c3f0671c5f53f415c461dd3792e6fb388
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-03-26 18:53:42 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-26 18:54:11 +0000
    net-fs/samba (and deps): Stable for arm64
    Tested-by: sam_c (Security Padawan) <sam@cmpct.info>
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
 net-fs/samba/samba-4.11.6-r2.ebuild  | 2 +-
 sys-libs/ldb/ldb-2.0.8.ebuild        | 2 +-
 sys-libs/talloc/talloc-2.3.1.ebuild  | 2 +-
 sys-libs/tdb/tdb-1.4.3.ebuild        | 2 +-
 sys-libs/tevent/tevent-0.10.2.ebuild | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83b750b0219c89cfb129250989508218559ac863
commit 83b750b0219c89cfb129250989508218559ac863
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-03-26 18:58:47 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-26 19:06:33 +0000
    net-fs/samba: Security cleanup
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
 net-fs/samba/Manifest                              |  10 -
 net-fs/samba/files/nmbd.service                    |  12 -
 .../samba-4.10.0-disable_gnutls_build_fix.patch    |  32 ---
 .../samba/files/samba-4.5.1-compile_et_fix.patch   |  16 --
 .../files/samba-4.8.6-no-pydsdb-when-no-addc.patch |  36 ---
 net-fs/samba/files/samba-glibc-2.26-no_rpc.patch   |  14 -
 net-fs/samba/files/samba.service                   |  10 -
 net-fs/samba/files/smbd.service                    |  12 -
 net-fs/samba/files/smbd.socket                     |   9 -
 net-fs/samba/files/smbd_at.service                 |   7 -
 net-fs/samba/files/talloc-disable-python.patch     |  34 ---
 net-fs/samba/files/winbindd.service                |  12 -
 net-fs/samba/samba-4.10.11.ebuild                  | 317 ---------------------
 net-fs/samba/samba-4.10.13.ebuild                  | 317 ---------------------
 net-fs/samba/samba-4.10.2-r1.ebuild                | 310 --------------------
 net-fs/samba/samba-4.11.4.ebuild                   | 313 --------------------
 net-fs/samba/samba-4.11.6.ebuild                   | 313 --------------------
 net-fs/samba/samba-4.5.16-r1.ebuild                | 297 -------------------
 net-fs/samba/samba-4.8.12.ebuild                   | 306 --------------------
 net-fs/samba/samba-4.8.6-r4.ebuild                 | 290 -------------------
 net-fs/samba/samba-4.8.6-r5.ebuild                 | 304 --------------------
 net-fs/samba/samba-4.9.17.ebuild                   | 310 --------------------
 net-fs/samba/samba-4.9.18.ebuild                   | 310 --------------------
 23 files changed, 3591 deletions(-)
Tree is clean, glsa done, closing.