Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 719120 (CVE-2020-10700, CVE-2020-10704) - <net-fs/samba-{4.11.8,4.12.2}: Multiple vulnerabilities (CVE-2020-{10700,10704})
Summary: <net-fs/samba-{4.11.8,4.12.2}: Multiple vulnerabilities (CVE-2020-{10700,10704})
Status: RESOLVED FIXED
Alias: CVE-2020-10700, CVE-2020-10704
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://lists.samba.org/archive/samba...
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on: CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
Blocks:
  Show dependency tree
 
Reported: 2020-04-23 20:03 UTC by Sam James
Modified: 2020-07-26 23:55 UTC (History)
1 user (show)

See Also:
Package list:
=net-fs/samba-4.11.8 amd64 arm arm64 ppc ppc64 sparc x86 =sys-libs/ldb-2.0.10 amd64 arm arm64 ppc ppc64 sparc x86
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-04-23 20:03:42 UTC
From samba-announce:
"Hi,

this is a heads-up that there will be Samba security updates on
Tuesday, April 28th 2020. Please make sure that your Samba AD DCs
will be updated soon after the release!

Impacted components:

o AD DC (CVSS 7.5, high)

Cheers,
Karolin"

----
Placeholder bug.


@maintainer(s), please ignore this bug if you are already aware of an internal version. Thanks.
Comment 1 Sam James archtester gentoo-dev Security 2020-04-28 14:44:28 UTC
From URL:
o  CVE-2020-10700:
  A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
  use-after-free in Samba's AD DC LDAP server.
o  CVE-2020-10704:
  A deeply nested filter in an un-authenticated LDAP search can exhaust the
  LDAP server's stack memory causing a SIGSEGV.

----
Advisories:
https://www.samba.org/samba/security/CVE-2020-10700.html
https://www.samba.org/samba/security/CVE-2020-10704.html
Comment 2 Sam James archtester gentoo-dev Security 2020-04-28 14:44:57 UTC
@maintainer(s), please bump to 4.12.2, 4.11.8, 4.10.15.
Comment 3 Larry the Git Cow gentoo-dev 2020-04-29 09:38:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4afede92da41b093bdbb6aa0581e8d5a0a25fb5f

commit 4afede92da41b093bdbb6aa0581e8d5a0a25fb5f
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-04-29 09:38:01 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-04-29 09:38:36 +0000

    net-fs/samba: Security bump to versions 4.11.8 and 4.12.2
    
    Bug: https://bugs.gentoo.org/719120
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest            |   2 +
 net-fs/samba/samba-4.11.8.ebuild | 314 +++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.12.2.ebuild | 312 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 628 insertions(+)
Comment 4 Lars Wendler (Polynomial-C) gentoo-dev 2020-04-29 09:40:31 UTC
(In reply to Sam James (sec padawan) from comment #2)
> @maintainer(s), please bump to 4.12.2, 4.11.8, 4.10.15.

We're no longer providing samba-4.10.x
Comment 5 NATTkA bot gentoo-dev 2020-04-29 09:45:35 UTC
Sanity check failed:

> net-fs/samba-4.11.8
>   depend amd64 stable profile default/linux/amd64/17.0 (22 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_32(-),abi_x86_64(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   depend amd64 stable profile default/linux/amd64/17.0/no-multilib (6 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_64(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (1 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_64(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   depend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_32(-),abi_x86_64(-),abi_x86_x32(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   rdepend amd64 stable profile default/linux/amd64/17.0 (22 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_32(-),abi_x86_64(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   rdepend amd64 stable profile default/linux/amd64/17.0/no-multilib (6 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_64(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (1 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_64(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_32(-),abi_x86_64(-),abi_x86_x32(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   depend arm stable profile default/linux/arm/17.0 (28 total)
>     >=sys-libs/ldb-2.0.10[ldap(+),python,python_single_target_python3_6(-)]
>   depend arm dev profile default/linux/arm/17.0/armv4 (33 total)
>     >=sys-libs/ldb-2.0.10[ldap(+),python,python_single_target_python3_6(-)]
>   rdepend arm stable profile default/linux/arm/17.0 (28 total)
>     >=sys-libs/ldb-2.0.10[ldap(+),python,python_single_target_python3_6(-)]
>   rdepend arm dev profile default/linux/arm/17.0/armv4 (33 total)
>     >=sys-libs/ldb-2.0.10[ldap(+),python,python_single_target_python3_6(-)]
>   depend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=sys-libs/ldb-2.0.10[ldap(+),python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=sys-libs/ldb-2.0.10[ldap(+),python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   depend x86 stable profile default/linux/x86/17.0 (11 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_32(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
>   rdepend x86 stable profile default/linux/x86/17.0 (11 total)
>     >=sys-libs/ldb-2.0.10[abi_x86_32(-),ldap(+),python,python_single_target_python3_6(-),python_single_target_python3_7(-)]
Comment 6 NATTkA bot gentoo-dev 2020-04-29 09:57:16 UTC
All sanity-check issues have been resolved
Comment 7 Sam James archtester gentoo-dev Security 2020-05-01 08:44:24 UTC
arm64 stable
Comment 8 Sergei Trofimovich gentoo-dev 2020-05-06 08:02:44 UTC
ppc/ppc64 stable
Comment 9 Thomas Deutschmann gentoo-dev Security 2020-05-14 21:30:36 UTC
x86 stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-05-23 20:36:18 UTC
amd64 stable
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2020-06-04 02:26:39 UTC
Please finish stabilization
- arm
- sparc
Comment 12 Sam James archtester gentoo-dev Security 2020-06-09 20:11:30 UTC
arm stable
Comment 13 Rolf Eike Beer 2020-06-24 17:44:31 UTC
sparc stable
Comment 14 Sam James archtester gentoo-dev Security 2020-06-24 22:33:11 UTC
Please cleanup.
Comment 15 Larry the Git Cow gentoo-dev 2020-06-25 08:34:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b32c611babc168729365872f34b036c3e85e4d03

commit b32c611babc168729365872f34b036c3e85e4d03
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-06-25 08:30:39 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-06-25 08:34:42 +0000

    net-fs/samba: Security cleanup
    
    Bug: https://bugs.gentoo.org/719120
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest               |   1 -
 net-fs/samba/samba-4.11.6-r2.ebuild | 316 ------------------------------------
 2 files changed, 317 deletions(-)
Comment 16 Sam James archtester gentoo-dev Security 2020-07-26 05:09:31 UTC
GLSA vote: yes!
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:55:04 UTC
This issue was resolved and addressed in
 GLSA 202007-15 at https://security.gentoo.org/glsa/202007-15
by GLSA coordinator Sam James (sam_c).