Debian Bug report logs - #483410
CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun

version graph

Package: samba; Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Source for samba is src:samba.

Reported by: Christian Perrier <bubulle@debian.org>

Date: Wed, 28 May 2008 18:21:02 UTC

Severity: critical

Tags: patch, security

Found in version samba/3.0.24-6

Fixed in versions 1:3.0.30-1, samba/3.0.24-6etch10

Done: Christian Perrier <bubulle@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#483410; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun
Date: Wed, 28 May 2008 20:20:10 +0200
[Message part 1 (text/plain, inline)]
Package: samba
Version: 3.0.14a-3sarge11
Severity: critical
Tags: security patch
Justification: root security hole

Patch 1 is for etch
Patch 2 is the official patch released by the Samba Team. Applies cleanly on
Debian's 3.0.29. However, we'll fix unstable/testing by building samba 3.0.30

To security team: as I said, I'm unsure that I'll be able to work on
packages for etch. I'll at least try building with that patch. As usual, I
may need guidance to upload to the right place if you're OK for us to upload
for etch.

What about sarge? It is affected as well (samba is 3.0.14 there) but is it
still officially supported wrt security updates?


>From the announcement:

==========================================================
== Subject:     Boundary failure when parsing SMB responses
==              can result in a buffer overrun
==
== CVE ID#:     CVE-2008-1105
==
== Versions:    Samba 3.0.0 - 3.0.29 (inclusive)
==
== Summary:     Specifically crafted SMB responses can result
==              in a heap overflow in the Samba client code.
==              Because the server process, smbd, can itself
==              act as a client during operations such as
==              printer notification and domain authentication,
==              this issue affects both Samba client and server
==              installations.
==
==========================================================

===========
Description
===========

Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in smbd.  This defect is
is a result of an incorrect buffer size when parsing SMB
replies in the routine receive_smb_raw().


==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/
  
  Additionally, Samba 3.0.30 has been issued as a security
  release to correct the defect.  Samba administrators are
  advised to upgrade to 3.0.30 or apply the patch as soon
  as possible.
  
  
  =======
  Credits
  =======
  
  This vulnerability was reported to Samba developers by
  Alin Rad Pop, Secunia Research.
  
  The time line is as follows:
  
  * May 15, 2008: Initial report to security@samba.org.
  * May 15, 2008: First response from Samba developers confirming
    the bug along with a proposed patch.
    * May 28, 2008: Public security advisory made available.
    
    
    ==========================================================
    == Our Code, Our Bugs, Our Responsibility.
    == The Samba Team
    ==========================================================
    


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages samba depends on:
ii  adduser                3.107             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.22            Debian configuration management sy
ii  libacl1                2.2.47-2          Access control list shared library
ii  libattr1               1:2.4.41-1        Extended attribute shared library
ii  libc6                  2.7-11            GNU C Library: Shared libraries
ii  libcomerr2             1.40.8-2          common error description library
ii  libcupsys2             1.3.7-5           Common UNIX Printing System(tm) - 
ii  libgnutls26            2.2.5-1           the GNU TLS library - runtime libr
ii  libkrb53               1.6.dfsg.3-2      MIT Kerberos runtime libraries
ii  libldap-2.4-2          2.4.9-1           OpenLDAP libraries
ii  libpam-modules         0.99.7.1-6        Pluggable Authentication Modules f
ii  libpam-runtime         0.99.7.1-6        Runtime support for the PAM librar
ii  libpam0g               0.99.7.1-6        Pluggable Authentication Modules l
ii  libpopt0               1.10-3            lib for parsing cmdline parameters
ii  logrotate              3.7.1-3           Log rotation utility
ii  lsb-base               3.2-12            Linux Standard Base 3.2 init scrip
ii  procps                 1:3.2.7-8         /proc file system utilities
ii  samba-common           1:3.0.29-1        Samba common files used by both th
ii  update-inetd           4.30              inetd configuration file updater
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

samba recommends no packages.

-- debconf information excluded
[security-CVE-2008-1105.patch (text/plain, attachment)]
[samba-3.0.29-CVE-2008-1105.patch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#483410; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 483410@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Christian Perrier <bubulle@debian.org>
Cc: 483410@bugs.debian.org
Subject: Re: Bug#483410: CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun
Date: Wed, 28 May 2008 20:35:46 +0200
* Christian Perrier:

> To security team: as I said, I'm unsure that I'll be able to work on
> packages for etch. I'll at least try building with that patch. As
> usual, I may need guidance to upload to the right place if you're OK
> for us to upload for etch.

You should prepare an upload with distribution stable-security, urgency
high, and upload it to:

  <ftp://security-master.debian.org/pub/SecurityUploadQueue>

I could do that for you.  The problem is regression testing, which I can
do only to an extremely limited extent.

> What about sarge? It is affected as well (samba is 3.0.14 there) but is it
> still officially supported wrt security updates?

sarge is officially out of support.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#483410; Package samba. Full text and rfc822 format available.

Acknowledgement sent to dann frazier <dannf@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 483410@bugs.debian.org (full text, mbox):

From: dann frazier <dannf@debian.org>
To: Christian Perrier <bubulle@debian.org>, 483410@bugs.debian.org
Subject: Re: [Secure-testing-team] Bug#483410: CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun
Date: Wed, 28 May 2008 16:40:28 -0600
On Wed, May 28, 2008 at 08:20:10PM +0200, Christian Perrier wrote:
> What about sarge? It is affected as well (samba is 3.0.14 there) but is it
> still officially supported wrt security updates?

sarge security support ended about 2 months ago

-- 
dann frazier





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#483410; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #20 received at 483410@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 483410@bugs.debian.org
Subject: Re: Bug#483410: CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun
Date: Thu, 29 May 2008 07:05:29 +0200
[Message part 1 (text/plain, inline)]
(CC'ing you though I suppose you're subscribed to sec. bugs in some way)

Quoting Florian Weimer (fw@deneb.enyo.de):
> * Christian Perrier:
> 
> > To security team: as I said, I'm unsure that I'll be able to work on
> > packages for etch. I'll at least try building with that patch. As
> > usual, I may need guidance to upload to the right place if you're OK
> > for us to upload for etch.
> 
> You should prepare an upload with distribution stable-security, urgency
> high, and upload it to:
> 
>   <ftp://security-master.debian.org/pub/SecurityUploadQueue>

OK, that upload is ready.

So is another upload of 3.0.30, for unstable, security=high. It should
deal with testing-security as well as I think that the transition
shouldn't be blocked by an external factor (dependency packages).

> 
> I could do that for you.  The problem is regression testing, which I can
> do only to an extremely limited extent.

When it comes at samba, regression testing is *anyway* possible on an
extremely limited extent. There are way too many use cases which
require big infrastructures for testing (often "server member of an
Active Directory domain"), so we mostly rely on the good communication
with our upstream (as it happened for the last sec. issues which were
jerky for that reason and also because upstream themselves are
sometimes late wrt regression testing).


> 
> > What about sarge? It is affected as well (samba is 3.0.14 there) but is it
> > still officially supported wrt security updates?
> 
> sarge is officially out of support.

OK. I'll confirm that in users mailing lists for samba just to be sure
that some users are aware of that and don't expect packages from us.
(unofficial packages could be easy to build, though)

I may have very well missed that but has the official "out of support"
for sarge been announced somewhere. It definitely was announced when
etch was released, but a reminder would help our users (assuming
nothing has been sent, which, as I said, I'm unsure of).

-- 



[signature.asc (application/pgp-signature, inline)]

Reply sent to Christian Perrier <bubulle@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Christian Perrier <bubulle@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #25 received at 483410-close@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: 483410-close@bugs.debian.org
Subject: Bug#483410: fixed in samba 1:3.0.30-1
Date: Thu, 29 May 2008 07:32:09 +0000
Source: samba
Source-Version: 1:3.0.30-1

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:

libpam-smbpass_3.0.30-1_i386.deb
  to pool/main/s/samba/libpam-smbpass_3.0.30-1_i386.deb
libsmbclient-dev_3.0.30-1_i386.deb
  to pool/main/s/samba/libsmbclient-dev_3.0.30-1_i386.deb
libsmbclient_3.0.30-1_i386.deb
  to pool/main/s/samba/libsmbclient_3.0.30-1_i386.deb
samba-common_3.0.30-1_i386.deb
  to pool/main/s/samba/samba-common_3.0.30-1_i386.deb
samba-dbg_3.0.30-1_i386.deb
  to pool/main/s/samba/samba-dbg_3.0.30-1_i386.deb
samba-doc-pdf_3.0.30-1_all.deb
  to pool/main/s/samba/samba-doc-pdf_3.0.30-1_all.deb
samba-doc_3.0.30-1_all.deb
  to pool/main/s/samba/samba-doc_3.0.30-1_all.deb
samba_3.0.30-1.diff.gz
  to pool/main/s/samba/samba_3.0.30-1.diff.gz
samba_3.0.30-1.dsc
  to pool/main/s/samba/samba_3.0.30-1.dsc
samba_3.0.30-1_i386.deb
  to pool/main/s/samba/samba_3.0.30-1_i386.deb
samba_3.0.30.orig.tar.gz
  to pool/main/s/samba/samba_3.0.30.orig.tar.gz
smbclient_3.0.30-1_i386.deb
  to pool/main/s/samba/smbclient_3.0.30-1_i386.deb
smbfs_3.0.30-1_i386.deb
  to pool/main/s/samba/smbfs_3.0.30-1_i386.deb
swat_3.0.30-1_i386.deb
  to pool/main/s/samba/swat_3.0.30-1_i386.deb
winbind_3.0.30-1_i386.deb
  to pool/main/s/samba/winbind_3.0.30-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 483410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 28 May 2008 22:38:44 +0200
Source: samba
Binary: samba samba-common smbclient swat samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev winbind samba-dbg
Architecture: source all i386
Version: 1:3.0.30-1
Distribution: unstable
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 libpam-smbpass - pluggable authentication module for SMB/CIFS password database
 libsmbclient - shared library that allows applications to talk to SMB/CIFS serve
 libsmbclient-dev - libsmbclient static libraries and headers
 samba      - a LanManager-like file and printer server for Unix
 samba-common - Samba common files used by both the server and the client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation (PDF format)
 smbclient  - a LanManager-like simple client for Unix
 smbfs      - mount and umount commands for the smbfs (for kernels >= than 2.2.
 swat       - Samba Web Administration Tool
 winbind    - service to resolve user and group information from Windows NT ser
Closes: 483410
Changes: 
 samba (1:3.0.30-1) unstable; urgency=high
 .
   * New upstream release: fix a heap overflow when parsing SMB responses in
     client code. (CVE-2008-1105). Closes: #483410
Checksums-Sha1: 
 da80f09413ac99e3fee1e53624592d218f9df2ff 1561 samba_3.0.30-1.dsc
 609c602d9a17ea05954fc9fc021cfd95227eaefb 20510081 samba_3.0.30.orig.tar.gz
 7d368c89e252ca2b6ee653a6cc5568e3c2566277 202358 samba_3.0.30-1.diff.gz
 035493b1a1dfbd83167db8ffb7492540a8b31b59 5169526 samba-doc_3.0.30-1_all.deb
 a8ca3d6ed8f1af79e56c6c18f66ecc54b3c8058f 6685028 samba-doc-pdf_3.0.30-1_all.deb
 1b63889afdcd2177eebb15a43a9d9eaa537ce2df 3765580 samba_3.0.30-1_i386.deb
 7325e12fc0cc76dc84c12244283f1f4fbf241929 2787512 samba-common_3.0.30-1_i386.deb
 5caade959737da15c1088a7d6faa1e0af327cea1 4756708 smbclient_3.0.30-1_i386.deb
 b7ad5d29b12883e1059ef2b92d2c738c4b36aa0f 949592 swat_3.0.30-1_i386.deb
 f5835eb74e8d81a7ec210dd052ef5932da10a2ed 87700 smbfs_3.0.30-1_i386.deb
 6033e4b36b2e24348cce724144d88d0f68ff39b5 456250 libpam-smbpass_3.0.30-1_i386.deb
 00049d8dc75963e9c0109c06786077f211e08c61 861074 libsmbclient_3.0.30-1_i386.deb
 2cccba3a0e855d26b0923a0444d6172bf10e3a34 1174072 libsmbclient-dev_3.0.30-1_i386.deb
 15f0fdb0f26166a33cdf4401859b99174ebd3672 2198516 winbind_3.0.30-1_i386.deb
 b78c6d23c2e6dfc950e03fcef3cb1df7c319fd16 20063876 samba-dbg_3.0.30-1_i386.deb
Checksums-Sha256: 
 13171241ed806d592c41055653e90fa631d5ac3408de0d7235317f77bac791b9 1561 samba_3.0.30-1.dsc
 a1789d3b896aab25a20c437f028bb56bc4de8655da8e6f5e7a743922c828fa53 20510081 samba_3.0.30.orig.tar.gz
 fad40292010245beb0b6ff9f8e9183bed01e48724da70603d26016dc6953eb2f 202358 samba_3.0.30-1.diff.gz
 b2cfd2b282fdc6fb80f24c754d48e27e1c597d4f3992f3264603340825d18339 5169526 samba-doc_3.0.30-1_all.deb
 1146f0809d9059686a31656351be6c8c6cccf67f70e07fbf5a587c770584abb6 6685028 samba-doc-pdf_3.0.30-1_all.deb
 2b3102166c3645460d465837735f257ae90b3b750c717c8f8c88d21ee25f6fa5 3765580 samba_3.0.30-1_i386.deb
 fde98256bb2caaa0f3342122eb41b02054273825cccdb251ddc9625ebc1a17db 2787512 samba-common_3.0.30-1_i386.deb
 6bd49b150ad0814bea1aa52916849f4d74038a39a9cf10f125687195aea255ee 4756708 smbclient_3.0.30-1_i386.deb
 d044e697bb49e55fca2628c2b40a1270612ca075f1a6d93c84cbeb1176fde4c3 949592 swat_3.0.30-1_i386.deb
 d89763f4c410f91252eaa7f1aafb897b16d99912d7398209aedec666f4152604 87700 smbfs_3.0.30-1_i386.deb
 80d97fa010465c466f2692b08adafc1396b76907794216593e62fcf4e65ee3e6 456250 libpam-smbpass_3.0.30-1_i386.deb
 f0cf27a5889a97ab2c312369ba090d059ce0f814ec2df1d07faed6a509e9cde5 861074 libsmbclient_3.0.30-1_i386.deb
 6744274d3d89bb8f463b9cbe33aa46b84e321a41315b4dca42e6e61164fef5e3 1174072 libsmbclient-dev_3.0.30-1_i386.deb
 0eb6485bec9b112d46bb1c0c00366a38243f0a204e0aa1ca69fc79ec67779bd5 2198516 winbind_3.0.30-1_i386.deb
 9b7684f62063b585b8f17a8ff85f20196d384fcfe97c42badf78c27157155d23 20063876 samba-dbg_3.0.30-1_i386.deb
Files: 
 89bbce81328b868887ebe4cdf6cb5fc9 1561 net optional samba_3.0.30-1.dsc
 d647ec1f34414fa8691f74536dcccfb5 20510081 net optional samba_3.0.30.orig.tar.gz
 0ae6fa1f0a9b5f1666f05b5b61d37d16 202358 net optional samba_3.0.30-1.diff.gz
 6f808e1c4e05435370a2197d735967c7 5169526 doc optional samba-doc_3.0.30-1_all.deb
 a3bb449c968f876e88c4a0c292e5bc9a 6685028 doc optional samba-doc-pdf_3.0.30-1_all.deb
 e0f675a3f32e0df55cc11e8f98321ede 3765580 net optional samba_3.0.30-1_i386.deb
 931c3a44d170f7caecac3210561a46be 2787512 net optional samba-common_3.0.30-1_i386.deb
 9742acdad3e6633783a55ded1eb5227a 4756708 net optional smbclient_3.0.30-1_i386.deb
 5431111735da1ed8a9613328b9bf3fe3 949592 net optional swat_3.0.30-1_i386.deb
 a292069b0274fedd1699faaf3bd1b57f 87700 otherosfs optional smbfs_3.0.30-1_i386.deb
 e6c8fff3517144c0b9e33ce415293842 456250 admin extra libpam-smbpass_3.0.30-1_i386.deb
 960bfe705c7cabceb437cb82af4cac24 861074 libs optional libsmbclient_3.0.30-1_i386.deb
 e3c291ae4a98d225a4e49573f430ce6c 1174072 libdevel extra libsmbclient-dev_3.0.30-1_i386.deb
 582591a949b167ea8cde63eb8e5a881a 2198516 net optional winbind_3.0.30-1_i386.deb
 709913464900d479a0cdc84d3ceee149 20063876 devel extra samba-dbg_3.0.30-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIPkim1OXtrMAUPS0RAghXAJ4oPkW4HNL5wrDkYopnbfx+/xO4nQCdHTfU
necQ14/3daUIz69O0Yio0WI=
=Ipix
-----END PGP SIGNATURE-----





Tags added: pending Request was from bubulle@alioth.debian.org to control@bugs.debian.org. (Thu, 29 May 2008 22:42:13 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#483410; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #32 received at 483410@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: team@security.debian.org
Cc: 483410@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#483410: CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun
Date: Thu, 29 May 2008 22:42:18 +0200
[Message part 1 (text/plain, inline)]
Quoting Christian Perrier (bubulle@debian.org):

> > You should prepare an upload with distribution stable-security, urgency
> > high, and upload it to:
> > 
> >   <ftp://security-master.debian.org/pub/SecurityUploadQueue>
> 
> OK, that upload is ready.


Uploaded.

I attached a debdiff with the former version in etch...


[sec-diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Bug no longer marked as found in version 3.0.14a-3sarge11. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Fri, 30 May 2008 02:03:03 GMT) Full text and rfc822 format available.

Bug marked as found in version 3.0.24-6. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Fri, 30 May 2008 02:03:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#483410; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #41 received at 483410@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Christian Perrier <bubulle@debian.org>
Cc: team@security.debian.org, 483410@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#483410: CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun
Date: Fri, 30 May 2008 15:25:00 +0200
* Christian Perrier:

> Uploaded.
>
> I attached a debdiff with the former version in etch...

Thanks.  We've got all builds except hppa, so we're ready for release.

Have you done some regression testing?  Shall we release?




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#483410; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #46 received at 483410@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: team@security.debian.org, 483410@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#483410: CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun
Date: Fri, 30 May 2008 18:17:52 +0200
[Message part 1 (text/plain, inline)]
Quoting Florian Weimer (fw@deneb.enyo.de):
> * Christian Perrier:
> 
> > Uploaded.
> >
> > I attached a debdiff with the former version in etch...
> 
> Thanks.  We've got all builds except hppa, so we're ready for release.
> 
> Have you done some regression testing?  Shall we release?

I've done the maximum regression testing I could do, which is testing
on my own home server (domain controller+file and print serviecs) and
on a semi-production server at work (NT4 domain member).

I'm afraid there is not much more that I can do...

-- 


[signature.asc (application/pgp-signature, inline)]

Reply sent to Christian Perrier <bubulle@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Christian Perrier <bubulle@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #51 received at 483410-close@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: 483410-close@bugs.debian.org
Subject: Bug#483410: fixed in samba 3.0.24-6etch10
Date: Thu, 05 Jun 2008 07:52:26 +0000
Source: samba
Source-Version: 3.0.24-6etch10

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:

libpam-smbpass_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/libpam-smbpass_3.0.24-6etch10_i386.deb
libsmbclient-dev_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/libsmbclient-dev_3.0.24-6etch10_i386.deb
libsmbclient_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/libsmbclient_3.0.24-6etch10_i386.deb
python-samba_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/python-samba_3.0.24-6etch10_i386.deb
samba-common_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/samba-common_3.0.24-6etch10_i386.deb
samba-dbg_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/samba-dbg_3.0.24-6etch10_i386.deb
samba-doc-pdf_3.0.24-6etch10_all.deb
  to pool/main/s/samba/samba-doc-pdf_3.0.24-6etch10_all.deb
samba-doc_3.0.24-6etch10_all.deb
  to pool/main/s/samba/samba-doc_3.0.24-6etch10_all.deb
samba_3.0.24-6etch10.diff.gz
  to pool/main/s/samba/samba_3.0.24-6etch10.diff.gz
samba_3.0.24-6etch10.dsc
  to pool/main/s/samba/samba_3.0.24-6etch10.dsc
samba_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/samba_3.0.24-6etch10_i386.deb
smbclient_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/smbclient_3.0.24-6etch10_i386.deb
smbfs_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/smbfs_3.0.24-6etch10_i386.deb
swat_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/swat_3.0.24-6etch10_i386.deb
winbind_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/winbind_3.0.24-6etch10_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 483410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 28 May 2008 20:32:04 +0200
Source: samba
Binary: python-samba samba-doc-pdf samba-doc libsmbclient libpam-smbpass swat winbind smbclient samba libsmbclient-dev samba-common samba-dbg smbfs
Architecture: source i386 all
Version: 3.0.24-6etch10
Distribution: stable-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 libpam-smbpass - pluggable authentication module for SMB/CIFS password database
 libsmbclient - shared library that allows applications to talk to SMB/CIFS serve
 libsmbclient-dev - libsmbclient static libraries and headers
 python-samba - Python bindings that allow access to various aspects of Samba
 samba      - a LanManager-like file and printer server for Unix
 samba-common - Samba common files used by both the server and the client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation (PDF format)
 smbclient  - a LanManager-like simple client for Unix
 smbfs      - mount and umount commands for the smbfs (for kernels >= than 2.2.
 swat       - Samba Web Administration Tool
 winbind    - service to resolve user and group information from Windows NT ser
Closes: 483410
Changes: 
 samba (3.0.24-6etch10) stable-security; urgency=high
 .
   * debian/patches/security-CVE-2008-1105.patch: fix a heap overflow
     when parsing SMB responses in client code.  (CVE-2008-1105)
     Closes: #483410
Files: 
 c626b328fc1528860441417dc3f9f839 1427 net optional samba_3.0.24-6etch10.dsc
 1d2f4df0d02f79fdf5df209b865ac8b8 221051 net optional samba_3.0.24-6etch10.diff.gz
 340b67b8341a16dbc4c08656e0f7b5d3 6941154 doc optional samba-doc_3.0.24-6etch10_all.deb
 dbaaffd7f79dcd20ac33665bc03fcb7a 6599546 doc optional samba-doc-pdf_3.0.24-6etch10_all.deb
 d4169c95c208f3c0fb5e0fa1a4479333 3261660 net optional samba_3.0.24-6etch10_i386.deb
 99f180acf992f6370b4dcd4c554fa416 2381430 net optional samba-common_3.0.24-6etch10_i386.deb
 2537b13add3238ab6f01db5f99f51261 3881974 net optional smbclient_3.0.24-6etch10_i386.deb
 f42c3d79005726f4d9b60b9ae9473fd1 796626 net optional swat_3.0.24-6etch10_i386.deb
 7cafa5523170508ac8a84adabb24a848 414214 otherosfs optional smbfs_3.0.24-6etch10_i386.deb
 4c5b45c2eb0743ae198713ab42bb51b4 419422 admin extra libpam-smbpass_3.0.24-6etch10_i386.deb
 d270cea20a4c5cef0c93f387326d87fd 757912 libs optional libsmbclient_3.0.24-6etch10_i386.deb
 1e8e577d3543eaad1b4bff4e0cf5b5f5 115584 libdevel extra libsmbclient-dev_3.0.24-6etch10_i386.deb
 96e2f55e96427d3eb40d23624ede68ae 1865434 net optional winbind_3.0.24-6etch10_i386.deb
 93001f5f07039bcede1b6d0850501d90 5658206 python optional python-samba_3.0.24-6etch10_i386.deb
 ec2ec2ffee6664d007356a4c2c062249 11889084 devel extra samba-dbg_3.0.24-6etch10_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIPw7O1OXtrMAUPS0RAgUhAKCrgsH3pQ1TePHTZkY/aNqhlKvgpgCguUi8
O0VnoWel4cglSfJAgp2aiCg=
=7FcX
-----END PGP SIGNATURE-----





Reply sent to Christian Perrier <bubulle@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Christian Perrier <bubulle@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #56 received at 483410-close@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: 483410-close@bugs.debian.org
Subject: Bug#483410: fixed in samba 3.0.24-6etch10
Date: Sat, 26 Jul 2008 09:57:58 +0000
Source: samba
Source-Version: 3.0.24-6etch10

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:

libpam-smbpass_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/libpam-smbpass_3.0.24-6etch10_i386.deb
libsmbclient-dev_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/libsmbclient-dev_3.0.24-6etch10_i386.deb
libsmbclient_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/libsmbclient_3.0.24-6etch10_i386.deb
python-samba_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/python-samba_3.0.24-6etch10_i386.deb
samba-common_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/samba-common_3.0.24-6etch10_i386.deb
samba-dbg_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/samba-dbg_3.0.24-6etch10_i386.deb
samba-doc-pdf_3.0.24-6etch10_all.deb
  to pool/main/s/samba/samba-doc-pdf_3.0.24-6etch10_all.deb
samba-doc_3.0.24-6etch10_all.deb
  to pool/main/s/samba/samba-doc_3.0.24-6etch10_all.deb
samba_3.0.24-6etch10.diff.gz
  to pool/main/s/samba/samba_3.0.24-6etch10.diff.gz
samba_3.0.24-6etch10.dsc
  to pool/main/s/samba/samba_3.0.24-6etch10.dsc
samba_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/samba_3.0.24-6etch10_i386.deb
smbclient_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/smbclient_3.0.24-6etch10_i386.deb
smbfs_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/smbfs_3.0.24-6etch10_i386.deb
swat_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/swat_3.0.24-6etch10_i386.deb
winbind_3.0.24-6etch10_i386.deb
  to pool/main/s/samba/winbind_3.0.24-6etch10_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 483410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 28 May 2008 20:32:04 +0200
Source: samba
Binary: python-samba samba-doc-pdf samba-doc libsmbclient libpam-smbpass swat winbind smbclient samba libsmbclient-dev samba-common samba-dbg smbfs
Architecture: source i386 all
Version: 3.0.24-6etch10
Distribution: stable-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 libpam-smbpass - pluggable authentication module for SMB/CIFS password database
 libsmbclient - shared library that allows applications to talk to SMB/CIFS serve
 libsmbclient-dev - libsmbclient static libraries and headers
 python-samba - Python bindings that allow access to various aspects of Samba
 samba      - a LanManager-like file and printer server for Unix
 samba-common - Samba common files used by both the server and the client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation (PDF format)
 smbclient  - a LanManager-like simple client for Unix
 smbfs      - mount and umount commands for the smbfs (for kernels >= than 2.2.
 swat       - Samba Web Administration Tool
 winbind    - service to resolve user and group information from Windows NT ser
Closes: 483410
Changes: 
 samba (3.0.24-6etch10) stable-security; urgency=high
 .
   * debian/patches/security-CVE-2008-1105.patch: fix a heap overflow
     when parsing SMB responses in client code.  (CVE-2008-1105)
     Closes: #483410
Files: 
 c626b328fc1528860441417dc3f9f839 1427 net optional samba_3.0.24-6etch10.dsc
 1d2f4df0d02f79fdf5df209b865ac8b8 221051 net optional samba_3.0.24-6etch10.diff.gz
 340b67b8341a16dbc4c08656e0f7b5d3 6941154 doc optional samba-doc_3.0.24-6etch10_all.deb
 dbaaffd7f79dcd20ac33665bc03fcb7a 6599546 doc optional samba-doc-pdf_3.0.24-6etch10_all.deb
 d4169c95c208f3c0fb5e0fa1a4479333 3261660 net optional samba_3.0.24-6etch10_i386.deb
 99f180acf992f6370b4dcd4c554fa416 2381430 net optional samba-common_3.0.24-6etch10_i386.deb
 2537b13add3238ab6f01db5f99f51261 3881974 net optional smbclient_3.0.24-6etch10_i386.deb
 f42c3d79005726f4d9b60b9ae9473fd1 796626 net optional swat_3.0.24-6etch10_i386.deb
 7cafa5523170508ac8a84adabb24a848 414214 otherosfs optional smbfs_3.0.24-6etch10_i386.deb
 4c5b45c2eb0743ae198713ab42bb51b4 419422 admin extra libpam-smbpass_3.0.24-6etch10_i386.deb
 d270cea20a4c5cef0c93f387326d87fd 757912 libs optional libsmbclient_3.0.24-6etch10_i386.deb
 1e8e577d3543eaad1b4bff4e0cf5b5f5 115584 libdevel extra libsmbclient-dev_3.0.24-6etch10_i386.deb
 96e2f55e96427d3eb40d23624ede68ae 1865434 net optional winbind_3.0.24-6etch10_i386.deb
 93001f5f07039bcede1b6d0850501d90 5658206 python optional python-samba_3.0.24-6etch10_i386.deb
 ec2ec2ffee6664d007356a4c2c062249 11889084 devel extra samba-dbg_3.0.24-6etch10_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIPw7O1OXtrMAUPS0RAgUhAKCrgsH3pQ1TePHTZkY/aNqhlKvgpgCguUi8
O0VnoWel4cglSfJAgp2aiCg=
=7FcX
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Aug 2008 07:26:40 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 11:23:26 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.