Ubuntu
samba package

Badlock security update tracking bug

Bug #1569497 reported by Marc Deslauriers on 2016-04-12

290

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	samba (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Today Samba released updates for the Badlock security issue:

http://badlock.org/

This bug is for tracking regressions while the updated packages are in the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Steve Beattie (sbeattie) on 2016-04-12

Changed in samba (Ubuntu):
status:	New → In Progress

Revision history for this message

Simon Déziel (sdeziel) wrote on 2016-04-12:

#1

Prior to this update, the usr.sbin.smbd profile was missing those Apparmor rules:

  capability audit_write,
  /usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
  /usr/lib/@{multiarch}/samba/**/ r,
  /usr/lib/@{multiarch}/samba/**/*.so{,.[0-9]*} mr,

Now with 4.3.8+dfsg-0ubuntu0.14.04.2, the following additional rules are also needed:

/{,var/}run/samba/msg.lock/ rw,
/{,var/}run/samba/msg.lock/[0-9]* rwk,

Revision history for this message

Simon Déziel (sdeziel) wrote on 2016-04-12:

#2

On some other configurations I've also seen the sys_admin capability to be needed. I think this capability is needed when using the "force user/group" options.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2016-04-12:

#3

Thanks Simon!

Could you please file a bug against the apparmor package, where that profile is located since it's not actually part of the packages in this update? Thanks!

Revision history for this message

Simon Déziel (sdeziel) wrote on 2016-04-12:

#4

Apologies, the AA profile is not shipped with Samba. Please ignore my previous comments (#1 and #2).

The test packages work well on Trusty!

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2016-04-18:

#5

This has now been released

http://www.ubuntu.com/usn/usn-2950-1/

Changed in samba (Ubuntu):
status:	In Progress → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related questions

samba in Ubuntu: 14.04 LTS plans when Samba 4.1 hits EOL

Remote bug watches

Bug watches keep track of this bug in other bug trackers.