samba CVE-2014-0239 Potential DOS in Samba internal DNS server

Related Vulnerabilities: CVE-2014-0239, CVE-2014-0178

Debian Bug report logs - #749845

Reported by: Ivo De Decker <ivo.dedecker@ugent.be>

Date: Fri, 30 May 2014 07:57:02 UTC

Severity: important

Found in version samba/2:4.0.6+dfsg-1

Fixed in version samba/2:4.1.8+dfsg-1

Done: Ivo De Decker <ivo.dedecker@ugent.be>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#749845; Package samba. (Fri, 30 May 2014 07:57:06 GMT).


Acknowledgement sent to Ivo De Decker <ivo.dedecker@ugent.be>:
New Bug report received and forwarded. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Fri, 30 May 2014 07:57:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Ivo De Decker <ivo.dedecker@ugent.be>
To: submit@bugs.debian.org
Subject: samba CVE-2014-0239 Potential DOS in Samba internal DNS server
Date: Fri, 30 May 2014 09:54:13 +0200
package: samba
severity: important
version: 2:4.0.6+dfsg-1

The next samba 4.1 release (planned June 3) should contain the fix for
CVE-2014-0239: Potential DOS in Samba internal DNS server

http://www.samba.org/samba/security/CVE-2014-0239

Ivo




Added tag(s) pending. Request was from Ivo De Decker <ivo.dedecker@ugent.be> to control@bugs.debian.org. (Tue, 03 Jun 2014 20:18:19 GMT).


Message sent on to Ivo De Decker <ivo.dedecker@ugent.be>:
Bug#749845. (Tue, 03 Jun 2014 20:18:23 GMT).


Message #10 received at 749845-submitter@bugs.debian.org:

From: Ivo De Decker <ivo.dedecker@ugent.be>
To: 749845-submitter@bugs.debian.org
Subject: Bug#749845 marked as pending
Date: Tue, 03 Jun 2014 20:17:37 +0000
tag 749845 pending
thanks

Hello,

Bug #749845 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=727a9b3

---
commit 727a9b34671607edacfb9059e382ce83b257c476
Author: Ivo De Decker <ivo.dedecker@ugent.be>
Date:   Tue Jun 3 21:35:19 2014 +0200

    update changelog for upstream version 4.1.8

diff --git a/debian/changelog b/debian/changelog
index 493380b..4f0e1d7a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-samba (2:4.1.7+dfsg-3) UNRELEASED; urgency=medium
+samba (2:4.1.8+dfsg-1) UNRELEASED; urgency=medium
 
   [ Jelmer Vernooij ]
   * Remove smbd and nmbd from required-start and required-stop in
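Review bot: The new header line `samba (2:4.1.8+dfsg-1) UNRELEASED; urgency=medium` keeps urgency=medium although this version now carries two CVE fixes, as listed in the entries added further down this changelog. Consider raising it to urgency=high so the fixed package migrates to testing sooner, and replace UNRELEASED with the target distribution before upload.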
@@ -6,6 +6,9 @@ samba (2:4.1.7+dfsg-3) UNRELEASED; urgency=medium
 
   [ Ivo De Decker ]
   * Remove workaround for #745233.
+  * New upstream release. Fixes:
+    - CVE-2014-0239: dns: Don't reply to replies. Closes: #749845
+    - CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response.
 
  -- Jelmer Vernooij <jelmer@debian.org>  Sun, 20 Apr 2014 22:12:12 +0200
 
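Review bot: Of the added entries, only the CVE-2014-0239 line carries a `Closes:` (#749845); the CVE-2014-0178 line has none. If a Debian bug is open for CVE-2014-0178, add its number there so the upload closes it. The trailer also still reads `-- Jelmer Vernooij <jelmer@debian.org>  Sun, 20 Apr 2014 22:12:12 +0200`, which predates this change, so refresh it when the entry is finalised for release.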



Reply sent to Ivo De Decker <ivo.dedecker@ugent.be>:
You have taken responsibility. (Sun, 08 Jun 2014 22:09:21 GMT).


Notification sent to Ivo De Decker <ivo.dedecker@ugent.be>:
Bug acknowledged by developer. (Sun, 08 Jun 2014 22:09:21 GMT).


Message #15 received at 749845-close@bugs.debian.org:

From: Ivo De Decker <ivo.dedecker@ugent.be>
To: 749845-close@bugs.debian.org
Subject: Bug#749845: fixed in samba 2:4.1.8+dfsg-1
Date: Sun, 08 Jun 2014 22:05:04 +0000
Source: samba
Source-Version: 2:4.1.8+dfsg-1

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 749845@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ivo De Decker <ivo.dedecker@ugent.be> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 08 Jun 2014 23:37:53 +0200
Source: samba
Binary: samba samba-libs samba-common samba-common-bin smbclient samba-testsuite registry-tools libparse-pidl-perl samba-dev samba-doc python-samba samba-dsdb-modules samba-vfs-modules libpam-smbpass libsmbclient libsmbclient-dev libsmbsharemodes0 libsmbsharemodes-dev winbind libpam-winbind libnss-winbind samba-dbg libwbclient0 libwbclient-dev
Architecture: source amd64 all
Version: 2:4.1.8+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Ivo De Decker <ivo.dedecker@ugent.be>
Description:
 libnss-winbind - Samba nameservice integration plugins
 libpam-smbpass - pluggable authentication module for Samba
 libpam-winbind - Windows domain authentication integration plugin
 libparse-pidl-perl - IDL compiler written in Perl
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libsmbsharemodes-dev - development files for libsmbsharemodes
 libsmbsharemodes0 - shared library for non-samba access to the samba 'share modes' da
 libwbclient-dev - Samba winbind client library - development files
 libwbclient0 - Samba winbind client library
 python-samba - Python bindings for Samba
 registry-tools - tools for viewing and manipulating the Windows registry
 samba      - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - Samba common files used by both the server and the client
 samba-dbg  - Samba debugging symbols
 samba-dev  - tools for extending Samba
 samba-doc  - Samba documentation
 samba-dsdb-modules - Samba Directory Services Database
 samba-libs - Samba core libraries
 samba-testsuite - test suite from Samba
 samba-vfs-modules - Samba Virtual FileSystem plugins
 smbclient  - command-line SMB/CIFS clients for Unix
 winbind    - service to resolve user and group information from Windows NT ser
Closes: 739887 749845 750541 750796
Changes:
 samba (2:4.1.8+dfsg-1) unstable; urgency=medium
 .
   [ Jelmer Vernooij ]
   * Remove smbd and nmbd from required-start and required-stop in
     samba.init. Closes: #739887
 .
   [ Ivo De Decker ]
   * Remove workaround for #745233.
   * New upstream release. Fixes:
     - CVE-2014-0239: dns: Don't reply to replies. Closes: #749845
     - CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response.
   * Use the upstream version of the smb.conf.5 manpage, instead of building
     it. This is an ugly temporary workaround because xsltproc crashes on some
     architectures when building this manpage (due to #750593).
     This fixes the FTBFS, and should make samba installable with the new ldb
     version. Closes: #750541, 750796

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 12 Jul 2014 07:30:36 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:43:23 2019; Machine Name: buxtehude
