[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

[Rafael David Tinoco]

## state

inaddy@winbindsegfault:~$ dpkg -l | grep -i samba
iU  libnss-winbind:amd64                               
2:4.3.9+dfsg-0ubuntu0.14.04.1        amd64        Samba nameservice integration 
plugins
ii  libwbclient0:amd64                                 
2:4.1.6+dfsg-1ubuntu2.14.04.13       amd64        Samba winbind client library
ii  python-samba                                       
2:4.1.6+dfsg-1ubuntu2.14.04.13       amd64        Python bindings for Samba
ii  samba                                              
2:4.1.6+dfsg-1ubuntu2.14.04.13       amd64        SMB/CIFS file, print, and 
login server for Unix
ii  samba-common                                       
2:4.1.6+dfsg-1ubuntu2.14.04.13       all          common files used by both the 
Samba server and client
ii  samba-common-bin                                   
2:4.1.6+dfsg-1ubuntu2.14.04.13       amd64        Samba common files used by 
both the server and the client
iU  samba-dsdb-modules                                 
2:4.3.9+dfsg-0ubuntu0.14.04.1        amd64        Samba Directory Services 
Database
ii  samba-libs:amd64                                   
2:4.1.6+dfsg-1ubuntu2.14.04.13       amd64        Samba core libraries
ii  samba-vfs-modules                                  
2:4.1.6+dfsg-1ubuntu2.14.04.13       amd64        Samba Virtual FileSystem 
plugins

** Description changed:

  It was brought to my attention that, because of latest security fixes
  for samba:
  
  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739
  
  samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
  samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
  samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium
  
  when library symbols changed, a samba upgrade MAY jeopardize an entire
  Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service
  (specially if used before compat mechanism).
  
  ----
  
  How to reproduce easily:
  
  $ cat /etc/nsswitch.conf
  passwd: winbind compat
  shadow: compat
  group: winbind compat
  
  (winbind is usually used after compat, in this case it was used before)
  
  to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do a:
  
  $ sudo apt-get update
  
  and FINALLY:
  
- """
- 
- """
+ https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1
  
  Leading into an unusable system in the following state:
  
+ https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2
+ 
  ## state
- 
  
  Workaround:
  
  DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d with
  "pam-auth-update") before ANY attempt of upgrading samba to latest
  version.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1584485

Title:
  Upgrading samba to latest security fixes together with winbind in
  nsswitch.conf can harm entire OS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs