| Summary: | net/samba{35+}: Security vulnerability: CVE-2017-7494 (RCE) | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Kubilay Kocak <koobs> |
| Component: | Individual Port(s) | Assignee: | Timur I. Bakeyev <timur> |
| Status: | Closed Overcome By Events | | |
| Severity: | Affects Many People | CC: | brnrd, emaste, koobs, ports-secteam, timur |
| Priority: | Normal | Keywords: | security |
| Version: | Latest | Flags: | koobs: maintainer-feedback? (timur); koobs: merge-quarterly? |
| Hardware: | Any | | |
| OS: | Any | | |
| URL: | https://www.samba.org/samba/security/CVE-2017-7494.html | | |

Description
Kubilay Kocak
2017-05-25 00:57:56 UTC
Created attachment 182878
svn diff for net/samba46

Created the vuxml entry yesterday. fwiw... Simply updating to 4.6.4 in ports worked for me.
https://brnrd.eu/poudriere/data/110libre-default/2017-05-24_11h36m05s/logs/samba46-4.6.4.log

net/samba46: Security update to 4.6.4
- Upstream security update
PR: 219514
MFH: 2017Q2
Security: 6f4d96c0-4062-11e7-b291-b499baebfeaf
Security: CVE-2017-7494

(In reply to Bernard Spil from comment #1)
Hi, Bernard! I'm not certain, what should I do regarding this ticket...

Author: timur
Date: Wed May 24 14:53:46 2017
New Revision: 441602
URL: https://svnweb.freebsd.org/changeset/ports/441602

Log:
Urgent upgrade of the Samba 4.[4-6] ports to address RCE in the Samba code(CVE-2017-7494).
All versions starting from 3.5+ are affected.
Security: CVE-2017-7494

Hi Timur,

(In reply to Timur I. Bakeyev from comment #2)
Hi Timur, as you've updated the 4.4, 4.5 and 4.6 ports we need to figure out what to do with the older ports. These should be marked deprecated.

Created attachment 182879
svn diff for net/samba4[23]

net/samba43: Mark 4.2, 4.3 deprecated
- Mark net/amba42, 43 deprecated
- Update conflicts (assume all future conflict)
PR: 219514
Security: 6f4d96c0-4062-11e7-b291-b499baebfeaf

Shoot! Missed MFH: 2017Q2

net/samba43: Mark 4.2, 4.3 deprecated
- Mark net/amba42, 43 deprecated
- Update conflicts (assume all future conflict)
PR: 219514
MFH: 2017Q2
Security: 6f4d96c0-4062-11e7-b291-b499baebfeaf

(In reply to Bernard Spil from comment #4)
I'm all for the deprecation of the 4.2 and 4.3 ports. So, go for it!

A commit references this bug:

Author: brnrd
Date: Thu May 25 12:36:49 UTC 2017
New revision: 441680
URL: https://svnweb.freebsd.org/changeset/ports/441680

Log:
net/samba43: Mark 4.2 and 4.3 deprecated
- Add deprecation date and message
- Update/simplify conflicts
PR: 219514
Approved by: timur (maintainer)
MFH: 2017Q2
Security: 6f4d96c0-4062-11e7-b291-b499baebfeaf

Changes:
head/net/samba42/Makefile
head/net/samba43/Makefile

base r441602 requires MFH to 2016Q2

Uh, ports r441602 rather.

A commit references this bug:

Author: feld
Date: Tue May 30 13:18:38 UTC 2017
New revision: 442060
URL: https://svnweb.freebsd.org/changeset/ports/442060

Log:
MFH: r441602
Urgent upgrade of the Samba 4.[4-6] ports to address RCE in the Samba code(CVE-2017-7494).
All versions starting from 3.5+ are affected.
Security: CVE-2017-7494
Approved by: ports-secteam (with hat)
PR: 219514

Changes:
_U branches/2017Q2/
branches/2017Q2/net/samba44/Makefile
branches/2017Q2/net/samba44/distinfo
branches/2017Q2/net/samba45/Makefile
branches/2017Q2/net/samba45/distinfo
branches/2017Q2/net/samba46/Makefile
branches/2017Q2/net/samba46/distinfo
branches/2017Q2/net/samba46/files/patch-source3__librpc__crypto__gse.c
branches/2017Q2/net/samba46/pkg-plist

A commit references this bug:

Author: feld
Date: Tue May 30 13:20:14 UTC 2017
New revision: 442061
URL: https://svnweb.freebsd.org/changeset/ports/442061

Log:
MFH: r441680
net/samba43: Mark 4.2 and 4.3 deprecated
- Add deprecation date and message
- Update/simplify conflicts
PR: 219514
Approved by: timur (maintainer)
Security: 6f4d96c0-4062-11e7-b291-b499baebfeaf
Approved by: ports-secteam (with hat)

Changes:
_U branches/2017Q2/
branches/2017Q2/net/samba42/Makefile
branches/2017Q2/net/samba43/Makefile