Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 730472 (CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303) - <net-fs/samba-4.11.11: Multiple vulnerabilities (CVE-2020-{10730,10745,10760,14303})
Summary: <net-fs/samba-4.11.11: Multiple vulnerabilities (CVE-2020-{10730,10745,10760,...
Status: RESOLVED FIXED
Alias: CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://lists.samba.org/archive/samba...
Whiteboard: B3 [glsa+ cve]
Keywords: CC-ARCHES
Depends on:
Blocks: CVE-2020-10700, CVE-2020-10704
  Show dependency tree
 
Reported: 2020-07-02 17:49 UTC by John Helmert III
Modified: 2020-07-27 19:05 UTC (History)
2 users (show)

See Also:
Package list:
net-fs/samba-4.11.11 amd64 arm ppc x86 sys-libs/ldb-2.0.12 amd64 arm ppc x86
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-02 17:49:12 UTC
From URL:

o  CVE-2020-10730:
   A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
   de-reference and further combinations with the LDAP paged_results feature can
   give a use-after-free in Samba's AD DC LDAP server.

o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
   excessive CPU.

o  CVE-2020-10760:
   The use of the paged_results or VLV controls against the Global Catalog LDAP
   server on the AD DC will cause a use-after-free.

o  CVE-2020-14303:
   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
   further requests once it receives an empty (zero-length) UDP packet to
   port 137.


Looks like we need a bump to 4.12.4 and a bump to 4.11.11.
Comment 1 Larry the Git Cow gentoo-dev 2020-07-02 19:38:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4fe0c91aca3ab87754160d4f8a89a4d3688adfb

commit c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-02 19:29:26 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-02 19:38:15 +0000

    net-fs/samba: Security bump to versions 4.11.11 and 4.12.4
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest             |   2 +
 net-fs/samba/samba-4.11.11.ebuild | 318 ++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.12.4.ebuild  | 316 +++++++++++++++++++++++++++++++++++++
 3 files changed, 636 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-02 22:20:10 UTC
(In reply to Larry the Git Cow from comment #1)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
> 
> commit c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
> Author:     Lars Wendler <polynomial-c@gentoo.org>
> AuthorDate: 2020-07-02 19:29:26 +0000
> Commit:     Lars Wendler <polynomial-c@gentoo.org>
> CommitDate: 2020-07-02 19:38:15 +0000
> 
>     net-fs/samba: Security bump to versions 4.11.11 and 4.12.4
>     
>     Bug: https://bugs.gentoo.org/730472
>     Package-Manager: Portage-2.3.103, Repoman-2.3.23
>     Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
> 
>  net-fs/samba/Manifest             |   2 +
>  net-fs/samba/samba-4.11.11.ebuild | 318
> ++++++++++++++++++++++++++++++++++++++
>  net-fs/samba/samba-4.12.4.ebuild  | 316
> +++++++++++++++++++++++++++++++++++++
>  3 files changed, 636 insertions(+)

Thanks! CCing arches.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-04 12:58:24 UTC
arm64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2020-07-05 08:58:34 UTC
ppc64 stable
Comment 5 Rolf Eike Beer archtester 2020-07-06 16:49:18 UTC
sparc stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-12 13:59:13 UTC
arm stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 03:28:54 UTC
ppc stable
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-18 00:30:18 UTC
x86 stable
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-18 16:43:25 UTC
amd64 stable. Please cleanup.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:55:14 UTC
This issue was resolved and addressed in
 GLSA 202007-15 at https://security.gentoo.org/glsa/202007-15
by GLSA coordinator Sam James (sam_c).
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-27 01:15:53 UTC
(In reply to GLSAMaker/CVETool Bot from comment #10)
> This issue was resolved and addressed in
>  GLSA 202007-15 at https://security.gentoo.org/glsa/202007-15
> by GLSA coordinator Sam James (sam_c).

Reopening for cleanup.
Comment 12 Larry the Git Cow gentoo-dev 2020-07-27 19:02:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4846a34e18629746a1b06a162b2b12e530d6dcfe

commit 4846a34e18629746a1b06a162b2b12e530d6dcfe
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-27 19:01:56 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-27 19:02:31 +0000

    sys-libs/ldb: Security cleanup
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 sys-libs/ldb/Manifest          |   1 -
 sys-libs/ldb/ldb-2.0.10.ebuild | 108 -----------------------------------------
 2 files changed, 109 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=519b96d13806d2ced7b374ea263c51cfdcb9e03c

commit 519b96d13806d2ced7b374ea263c51cfdcb9e03c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-27 18:58:29 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-27 19:02:31 +0000

    net-fs/samba: Security cleanup
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest               |   3 -
 net-fs/samba/samba-4.11.8.ebuild    | 314 -----------------------------------
 net-fs/samba/samba-4.11.9-r1.ebuild | 318 ------------------------------------
 net-fs/samba/samba-4.12.3-r1.ebuild | 316 -----------------------------------
 4 files changed, 951 deletions(-)
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-27 19:05:21 UTC
All done, thanks!