Bug #14606

Badlock fix SSU: CVE-2016-2118

Added by Jordan Hubbard over 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Expected
Assignee: Vaibhav Chauhan
Category: OS
Target version:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

When the Samba team releases their fix for Badlocker, we'll need to release a rapid-response SU (as discussed in the last tech meeting) containing just this fix. This should be branched from the previous 9.10 SU on master so we don't drag any other pending fixes in.


Related issues

Copied from FreeNAS - Bug #14605: Badlock fix SSU: CVE-2016-2118 (Resolved, 2016-04-12)

Associated revisions

Revision 6e8b05f2 (diff)
Added by Suraj Ravichandran over 4 years ago

Add patch for badlocker bug. This is essentially a cherry-pick of middleware repo's: d569fabd9671f6d9fee28eaa42896af50f0d154b for freenas9.10 Ticket: #14606

Revision 87812695 (diff)
Added by Suraj Ravichandran over 4 years ago

Add patch for badlocker bug. This is essentially a cherry-pick of middleware repo's: d569fabd9671f6d9fee28eaa42896af50f0d154b for freenas9.10 Ticket: #14606 (cherry picked from commit 6e8b05f2d7dc73076ef499a2996a1592d5ecf656)

History

#1 Updated by Jordan Hubbard over 4 years ago

  • Copied from Bug #14605: Badlock fix SSU: CVE-2016-2118 added

#2 Updated by Vaibhav Chauhan over 4 years ago

  • Status changed from Unscreened to Screened

#3 Updated by Josh Paetzel over 4 years ago

Samba has released the fixes.

http://badlock.org/

#4 Updated by Josh Paetzel over 4 years ago

https://www.samba.org/samba/latest_news.html#4.4.2

Attention for Samba vendors:

If you represent an existing vendor that ships Samba in their products, consider registering with Samba Team. To do so, please send details about your product, security contact person list (with individual email addresses), and GPG key fingerprint to , from your official corporate email address. Please register with the Samba Bugzilla instance using the same email address(es).

It looks like most of the issues are MiTM

#5 Updated by Vaibhav Chauhan over 4 years ago

Applying the patch taken from https://download.samba.org/pub/samba/patches/security/samba-4.3.6-security-2016-04-12-final.patch gives me the following error. Who should I report this bug to?

    Applying: selftest: add some helper scripts to mange a CA
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:457: trailing whitespace.
    # extensions =
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:554: trailing whitespace.
    # This sets a mask for permitted string types. There are several options.
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:619: trailing whitespace.
    # Key usage: this is typical for a CA certificate.
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:638: new blank line at EOF.

    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:646: new blank line at EOF.

    warning: squelched 1 whitespace error
    warning: 6 lines add whitespace errors.
    Applying: selftest: add config and script to create a samba.example.com CA
    Applying: selftest: add CA-samba.example.com (non-binary) files
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:149: trailing whitespace.
    X509v3 Basic Constraints:
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:151: trailing whitespace.
    X509v3 CRL Distribution Points:
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:156: trailing whitespace.
    Netscape Cert Type:
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:158: trailing whitespace.
    X509v3 Key Usage:
    /home/vaibhav/freenas-build/_BE/samba/.git/rebase-apply/patch:160: trailing whitespace.
    Netscape Comment:
    warning: squelched 101 whitespace errors
    warning: 106 lines add whitespace errors.

#6 Updated by Jordan Hubbard over 4 years ago

  • Subject changed from Badlock fix SSU to Badlock fix SSU: CVE-2016-2118

#7 Updated by Vaibhav Chauhan over 4 years ago

  • Status changed from Screened to Resolved

#8 Updated by Kris Moore about 4 years ago

  • Target version changed from 261 to N/A
