[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2022-11-01 Thread Lucas Kanashiro 
Since this was fixed in version 4.16 I added tasks for Focal and Bionic
which are impacted and marked the development release as Fix Released.

** Also affects: samba (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: samba (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Changed in: samba (Ubuntu)
   Status: Incomplete => Fix Released

** Changed in: samba (Ubuntu Bionic)
   Status: New => Triaged

** Changed in: samba (Ubuntu Focal)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Committed
Status in samba source package in Yakkety:
  Fix Committed
Status in samba source package in Bionic:
  Triaged
Status in samba source package in Focal:
  Triaged
Status in samba package in Debian:
  Fix Released

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case 1]

  Verify that the regression reported in bug 1644428 has not recurred.

  [Test Case 2]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
     7.1) sudo restart smbd
     7.2) sudo restart nmbd
     7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions


___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2022-10-24 Thread Bug Watch Updater 
** Changed in: samba (Debian)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  Incomplete
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Committed
Status in samba source package in Yakkety:
  Fix Committed
Status in samba package in Debian:
  Fix Released

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case 1]

  Verify that the regression reported in bug 1644428 has not recurred.

  [Test Case 2]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
     7.1) sudo restart smbd
     7.2) sudo restart nmbd
     7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions


___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2017-07-13 Thread Andreas Hasenack 
Revised fix-1584485.patch that includes a missing library in the static
build to fix bug #1677329. Patch submitted upstream to samba-technical
awaiting feedback.

** Patch added: "fix-1584485-take2.patch"
   
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4914111/+files/fix-1584485-take2.patch

** Changed in: samba (Ubuntu)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  Incomplete
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Committed
Status in samba source package in Yakkety:
  Fix Committed
Status in samba package in Debian:
  New

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case 1]

  Verify that the regression reported in bug 1644428 has not recurred.

  [Test Case 2]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
     7.1) sudo restart smbd
     7.2) sudo restart nmbd
     7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2016-12-19 Thread Launchpad Bug Tracker 
This bug was fixed in the package samba - 2:4.3.11+dfsg-0ubuntu0.14.04.4

---
samba (2:4.3.11+dfsg-0ubuntu0.14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
- debian/patches/CVE-2016-2123.patch: check lengths in
  librpc/ndr/ndr_dnsp.c.
- CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
- debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
  source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
  source4/auth/gensec/gensec_gssapi.c.
- CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
- debian/patches/CVE-2016-2126.patch: only allow known checksum types
  in auth/kerberos/kerberos_pac.c.
- CVE-2016-2126

 -- Marc Deslauriers   Mon, 12 Dec 2016
08:40:01 -0500

** Changed in: samba (Ubuntu Trusty)
   Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2123

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2125

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2126

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Committed
Status in samba source package in Yakkety:
  Fix Committed
Status in samba package in Debian:
  New

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case 1]

  Verify that the regression reported in bug 1644428 has not recurred.

  [Test Case 2]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
     7.1) sudo restart smbd
     7.2) sudo restart nmbd
     7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions

___
Mailing list:

[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2016-11-24 Thread Martin Pitt 
Reopening for trusty as the change was reverted in bug 1644428.

** Changed in: samba (Ubuntu Trusty)
   Status: Fix Released => In Progress

** Tags removed: verification-done-trusty
** Tags added: verification-failed

** Tags removed: verification-needed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  In Progress
Status in samba source package in Xenial:
  Fix Committed
Status in samba source package in Yakkety:
  Fix Committed
Status in samba package in Debian:
  New

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
 7.1) sudo restart smbd
 7.2) sudo restart nmbd
 7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2016-11-23 Thread Launchpad Bug Tracker 
This bug was fixed in the package samba - 2:4.3.11+dfsg-0ubuntu0.14.04.2

---
samba (2:4.3.11+dfsg-0ubuntu0.14.04.2) trusty; urgency=medium

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
   to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski   Wed, 09 Nov 2016
15:09:11 +0100

** Changed in: samba (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Committed
Status in samba source package in Yakkety:
  Fix Committed
Status in samba package in Debian:
  New

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
 7.1) sudo restart smbd
 7.2) sudo restart nmbd
 7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2016-10-25 Thread Martin Pitt 
** Also affects: samba (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833287
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  In Progress
Status in samba source package in Trusty:
  In Progress
Status in samba source package in Xenial:
  In Progress
Status in samba source package in Yakkety:
  In Progress
Status in samba package in Debian:
  Unknown

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
 7.1) sudo restart smbd
 7.2) sudo restart nmbd
 7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2016-10-18 Thread Jorge Niedbalski 
** No longer affects: samba (Ubuntu Precise)

** Changed in: samba (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: samba (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: samba (Ubuntu Xenial)
 Assignee: (unassigned) => Jorge Niedbalski (niedbalski)

** Patch added: "Yakkety Patch for 1584485"
   
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4763305/+files/fix-1584485-yakkety.debdiff

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  In Progress
Status in samba source package in Trusty:
  In Progress
Status in samba source package in Xenial:
  In Progress
Status in samba source package in Yakkety:
  In Progress

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
 7.1) sudo restart smbd
 7.2) sudo restart nmbd
 7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

2016-10-17 Thread Louis Bouchard 
** Also affects: samba (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: samba (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: samba (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: samba (Ubuntu Yakkety)
   Importance: High
 Assignee: Jorge Niedbalski (niedbalski)
   Status: In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

Status in samba package in Ubuntu:
  In Progress
Status in samba source package in Precise:
  New
Status in samba source package in Trusty:
  New
Status in samba source package in Xenial:
  New
Status in samba source package in Yakkety:
  In Progress

Bug description:
  [Impact]

  * Upgrading samba when using winbind as NSS service can break OS.
  * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf.
  * Huge impact due to big version different between winbind and libraries.

  [Test Case]

  1) Start an ubuntu Trusty container
  2) cp /etc/apt/sources.list /etc/apt/sources.list.back
  3) Disable the trusty-updates and trusty-security archives in 
/etc/apt/sources.list
  4) sudo apt-get update
  5) sudo apt-get install samba winbind libnss-winbind libpam-winbind
  6) Set /etc/nsswitch.conf to : passwd: winbind compat
  7) Restart the services
 7.1) sudo restart smbd
 7.2) sudo restart nmbd
 7.3) sudo restart winbind
  8) cp /etc/apt/sources.list.back /etc/apt/sources.list
  9) sudo apt-get update
  7) sudo apt-get install samba winbind libnss-winbind libpam-winbind

  While installing, you will see things similar to this :

  > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over 
(2:4.1.6+dfsg-1ubuntu2) ...
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped
  > dpkg: error processing archive 
/var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb
 (-
  > -unpack):
  >  subprocess dpkg-deb --control returned error exit status 2
  > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), 
core dumped

  [Regression Potential]

  * "preinst" and "postrm" maintainer scripts are acting only in "upgrade"
  * uninstalling packages and reinstalling would bypass this change

  [Other Info]

  * Original Bug Description:

  It was brought to my attention that, because of latest security fixes
  for samba:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739

  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium

  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).

  

  How to reproduce easily:

  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat

  (winbind is usually used after compat, in this case it was used
  before)

  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do
  a:

  $ sudo apt-get update

  and FINALLY:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1

  Leading into an unusable system in the following state:

  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2

  ## state

  Workaround:

  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d
  with "pam-auth-update") before ANY attempt of upgrading samba to
  latest version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp