Your message dated Sun, 29 May 2022 18:02:22 +0000
with message-id <[email protected]>
and subject line Bug#1004691: fixed in samba 2:4.13.13+dfsg-1~deb11u4
has caused the Debian Bug report #1004691,
regarding samba: CVE-2021-43566
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1004691: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004691
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: samba
Version: 2:4.13.14+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://bugzilla.samba.org/show_bug.cgi?id=13979
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2:4.13.13+dfsg-1~deb11u2
Control: found -1 2:4.9.5+dfsg-5+deb10u2

Hi,

The following vulnerability was published for samba.

CVE-2021-43566[0]:
| All versions of Samba prior to 4.13.16 are vulnerable to a malicious
| client using an SMB1 or NFS race to allow a directory to be created in
| an area of the server file system not exported under the share
| definition. Note that SMB1 has to be enabled, or the share also
| available via NFS in order for this attack to succeed.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-43566
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43566
[1] https://www.samba.org/samba/security/CVE-2021-43566.html
[2] https://bugzilla.samba.org/show_bug.cgi?id=13979

Regards,
Salvatore

--- End Message ---
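An added example, not part of the original report or of Samba: it audits a server for the two preconditions the CVE text names (SMB1 enabled, or a share that is also available via NFS). The sample `smb.conf` and `/etc/exports` contents are constructed, the function names are hypothetical, and the `default_min` fallback of `SMB2_02` is an assumption to adjust for the Samba version in use.

```python
import configparser

# smb.conf protocol levels that belong to SMB1.
SMB1_LEVELS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
SPECIAL_SECTIONS = {"global", "homes", "printers"}

# Constructed sample inputs, not taken from the bug report.
SMB_CONF = """\
[global]
   server min protocol = NT1
[projects]
   path = /srv/projects/
[scratch]
   path = /srv/scratch
"""
EXPORTS = """\
# constructed /etc/exports
/srv/projects 192.0.2.0/24(rw,sync)
"""

def nfs_paths(exports_text):
    """Return the exported directories listed in /etc/exports text."""
    paths = set()
    for line in exports_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            paths.add(line.split()[0].rstrip("/") or "/")
    return paths

def exposed_shares(smb_conf_text, exports_text, default_min="SMB2_02"):
    """Map share name -> list of CVE-2021-43566 preconditions it meets."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(smb_conf_text)
    # default_min is an assumption: the built-in default depends on the version.
    min_proto = cp.get("global", "server min protocol", fallback=default_min)
    smb1 = min_proto.strip().upper() in SMB1_LEVELS
    exported = nfs_paths(exports_text)
    findings = {}
    for name in cp.sections():
        if name.lower() in SPECIAL_SECTIONS:
            continue
        path = cp.get(name, "path", fallback="").rstrip("/")
        # A share is reachable over NFS if it, or a parent directory, is exported.
        via_nfs = any(path == e or path.startswith(e.rstrip("/") + "/")
                      for e in exported)
        reasons = (["SMB1 enabled"] if smb1 else []) + \
                  (["also exported via NFS"] if via_nfs else [])
        if reasons:
            findings[name] = reasons
    return findings
```

An empty result only means neither precondition was found in the files given; installing the fixed package version remains the remedy.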
--- Begin Message ---
Source: samba
Source-Version: 2:4.13.13+dfsg-1~deb11u4
Done: Michael Tokarev <[email protected]>

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 28 May 2022 22:52:59 +0300
Source: samba
Architecture: source
Version: 2:4.13.13+dfsg-1~deb11u4
Distribution: bullseye-proposed-updates
Urgency: medium
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 953530 998423 999876 1001053 1004691 1005642 1006935 1009855
Changes:
 samba (2:4.13.13+dfsg-1~deb11u4) bullseye-proposed-updates; urgency=medium
 .
   * fix the order of everything during build by exporting PYTHONHASHSEED=1
     for waf.  This should fix the broken i386 build of the last security
     upload. Closes: #1006935, #1009855
   * Import the left-over patches from 4.13.17 upstream stable branch:
    - s3-winbindd-fix-allow-trusted-domains-no-regression.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14899
      Closes: #999876, winbind fails to start with `allow trusted domains: no`
    - IPA-DC-add-missing-checks.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14903
    - CVE-2020-25717-s3-auth-fix-MIT-Realm-regression.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14922
      Closes: #1001053, MIT-kerberos auth broken after 4.13.13+dfsg-1~deb11u2
    - dsdb-Use-DSDB_SEARCH_SHOW_EXTENDED_DN-when-searching.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14656
      https://bugzilla.samba.org/show_bug.cgi?id=14902
    - s3-smbd-Fix-mkdir-race-condition-allows-share-escape.patch
      https://bugzilla.samba.org/show_bug.cgi?id=13979
      Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
   * 4 patches from upstream to fix possible serious data corruption issue
     with windows client cache poisoning, Closes: #1005642
     https://bugzilla.samba.org/show_bug.cgi?id=14928
   * two patches from upstream to fix coredump when connecting to shares
     with var substitutions, Closes: #998423
     https://bugzilla.samba.org/show_bug.cgi?id=14809
   * samba-common-bin.postinst: mkdir /run/samba before invoking samba binaries
     Closes: #953530
   * remove file creation+deletion from previously applied combined patches
     CVE-2021-23192-only-4.13-v2.patch & CVE-2021-3738-dsdb-crash-4.13-v03.patch
     to make patch deapply happy (quilt does not notice this situation)
   * d/salsa-ci.yml: target bullseye

--- End Message ---
