samba: CVE-2014-3560: Remote code execution in nmbd

Related Vulnerabilities: CVE-2014-3560  

Debian Bug report logs - #756759

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 1 Aug 2014 12:45:01 UTC

Severity: grave

Tags: fixed-upstream, patch, pending, security, upstream

Found in version samba/2:4.1.9+dfsg-2

Fixed in version samba/2:4.1.11+dfsg-1

Done: Jelmer Vernooij <jelmer@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#756759; Package src:samba. (Fri, 01 Aug 2014 12:45:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Fri, 01 Aug 2014 12:45:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: samba: CVE-2014-3560: Remote code execution in nmbd
Date: Fri, 01 Aug 2014 14:43:54 +0200
Source: samba
Version: 2:4.1.9+dfsg-2
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for samba.

CVE-2014-3560[0]:
Remote code execution in nmbd

See [1] for details.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-3560
[1] https://www.samba.org/samba/security/CVE-2014-3560

Regards,
Salvatore



Added tag(s) pending. Request was from Jelmer Vernooij <jelmer@debian.org> to control@bugs.debian.org. (Sun, 03 Aug 2014 01:51:04 GMT).


Reply sent to Jelmer Vernooij <jelmer@debian.org>:
You have taken responsibility. (Sun, 03 Aug 2014 03:45:05 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 03 Aug 2014 03:45:05 GMT).


Message #12 received at 756759-close@bugs.debian.org:

From: Jelmer Vernooij <jelmer@debian.org>
To: 756759-close@bugs.debian.org
Subject: Bug#756759: fixed in samba 2:4.1.11+dfsg-1
Date: Sun, 03 Aug 2014 03:42:02 +0000
Source: samba
Source-Version: 2:4.1.11+dfsg-1

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 756759@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jelmer Vernooij <jelmer@debian.org> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Aug 2014 03:47:07 +0200
Source: samba
Binary: samba samba-libs samba-common samba-common-bin smbclient samba-testsuite registry-tools libparse-pidl-perl samba-dev samba-doc python-samba samba-dsdb-modules samba-vfs-modules libpam-smbpass libsmbclient libsmbclient-dev libsmbsharemodes0 libsmbsharemodes-dev winbind libpam-winbind libnss-winbind samba-dbg libwbclient0 libwbclient-dev
Architecture: source amd64 all
Version: 2:4.1.11+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Jelmer Vernooij <jelmer@debian.org>
Description:
 libnss-winbind - Samba nameservice integration plugins
 libpam-smbpass - pluggable authentication module for Samba
 libpam-winbind - Windows domain authentication integration plugin
 libparse-pidl-perl - IDL compiler written in Perl
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libsmbsharemodes-dev - development files for libsmbsharemodes
 libsmbsharemodes0 - shared library for non-samba access to the samba 'share modes' da
 libwbclient-dev - Samba winbind client library - development files
 libwbclient0 - Samba winbind client library
 python-samba - Python bindings for Samba
 registry-tools - tools for viewing and manipulating the Windows registry
 samba      - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - Samba common files used by both the server and the client
 samba-dbg  - Samba debugging symbols
 samba-dev  - tools for extending Samba
 samba-doc  - Samba documentation
 samba-dsdb-modules - Samba Directory Services Database
 samba-libs - Samba core libraries
 samba-testsuite - test suite from Samba
 samba-vfs-modules - Samba Virtual FileSystem plugins
 smbclient  - command-line SMB/CIFS clients for Unix
 winbind    - service to resolve user and group information from Windows NT ser
Closes: 756759
Changes:
 samba (2:4.1.11+dfsg-1) unstable; urgency=high
 .
   * New upstream release. Fixes:
    + CVE-2014-3560: Remote code execution in nmbd. Closes: #756759





Added tag(s) pending. Request was from Ivo De Decker <ivo.dedecker@ugent.be> to control@bugs.debian.org. (Wed, 20 Aug 2014 22:09:14 GMT).


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#756759. (Wed, 20 Aug 2014 22:09:22 GMT).


Message #17 received at 756759-submitter@bugs.debian.org:

From: Ivo De Decker <ivo.dedecker@ugent.be>
To: 756759-submitter@bugs.debian.org
Subject: Bug#756759 marked as pending
Date: Wed, 20 Aug 2014 22:05:08 +0000
tag 756759 pending
thanks

Hello,

Bug #756759 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-samba/samba.git;a=commitdiff;h=b69f22a

---
commit b69f22abc3e3d01667578f5bc96a3a7dbe9ccd62
Merge: 5ec4bb4 0b6bf2a
Author: Ivo De Decker <ivo.dedecker@ugent.be>
Date:   Wed Aug 20 20:25:00 2014 +0200

    Merge tag 'debian/4.1.11+dfsg-1' into wheezy-backports
    
    Conflicts:
    	debian/changelog

diff --cc debian/changelog
index c9ac709,686b4d9..00e9bf2
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,30 +1,36 @@@
+ samba (2:4.1.11+dfsg-1) unstable; urgency=high
+ 
+   * New upstream release. Fixes:
+    + CVE-2014-3560: Remote code execution in nmbd. Closes: #756759
+ 
+  -- Jelmer Vernooij <jelmer@debian.org>  Sun, 03 Aug 2014 03:47:07 +0200
+ 
+ samba (2:4.1.9+dfsg-2) unstable; urgency=medium
+ 
+   [ Jelmer Vernooij ]
+   * Depend on libgnutls28-dev rather than libgnutls-dev. Closes: #753146
+   * Remove outdated-autotools-helper-file overrides for config.guess and
+     config.sub; files are no longer present upstream.
+   * Add branch to Vcs-Git header.
+   * samba.smbd.upstart: Remove leftover code for RUN_MODE=inetd, which
+     was already removed elsewhere.
+   * Move dsdb-module library from samba-dsdb-modules to samba-libs, to
+     prevent circular dependencies between samba-dsdb-modules and samba-
+     libs. This is necessary since dsdb-module is now used by the dcerpc-
+     server library.
+ 
+   [ Debconf translations ]
+   * New Brazilian Portugese translation from Adriano Rafael Gomes.
+     Closes: #752719
+ 
+  -- Jelmer Vernooij <jelmer@debian.org>  Sun, 29 Jun 2014 19:43:52 +0200
+ 
 +samba (2:4.1.9+dfsg-1~bpo70+1) wheezy-backports; urgency=medium
 +
 +  * Rebuild for wheezy-backports.
 +
 + -- Ivo De Decker <ivo.dedecker@ugent.be>  Mon, 23 Jun 2014 19:53:08 +0200
 +
  samba (2:4.1.9+dfsg-1) unstable; urgency=high
  
    * New upstream security release. Fixes:
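
Review bot: after this merge the top entry of debian/changelog on the wheezy-backports branch is `samba (2:4.1.11+dfsg-1) unstable; urgency=high`, and the only `wheezy-backports` entry visible in the hunk is still `2:4.1.9+dfsg-1~bpo70+1`. The package version and target distribution are taken from the top changelog entry, so a build from this state would be versioned and targeted as the unstable upload. Add a new top entry for the backport of the CVE-2014-3560 fix, following the existing `~bpo70+1` / `wheezy-backports` pattern, before anything is built or uploaded from this branch.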



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 18 Sep 2014 07:30:31 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:48:55 2019; Machine Name: buxtehude
