Badlock security update tracking bug

Bug #1569497 reported by Marc Deslauriers on 2016-04-12
This bug affects 6 people
Affects: samba (Ubuntu)

Bug Description

Today Samba released updates for the Badlock security issue:

This bug is for tracking regressions while the updated packages are in the security team PPA here:

Steve Beattie (sbeattie) on 2016-04-12
Changed in samba (Ubuntu):
status: New → In Progress
Simon Déziel (sdeziel) wrote :

Prior to this update, the usr.sbin.smbd profile was missing these AppArmor rules:

  capability audit_write,
  /usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
  /usr/lib/@{multiarch}/samba/**/ r,
  /usr/lib/@{multiarch}/samba/**/*.so{,.[0-9]*} mr,

Now with 4.3.8+dfsg-0ubuntu0.14.04.2, the following additional rules are also needed:

  /{,var/}run/samba/msg.lock/ rw,
  /{,var/}run/samba/msg.lock/[0-9]* rwk,

Simon Déziel (sdeziel) wrote :

On some other configurations I've also seen the sys_admin capability to be needed. I think this capability is needed when using the "force user/group" options.

Marc Deslauriers (mdeslaur) wrote :

Thanks Simon!

Could you please file a bug against the apparmor package, where that profile is located since it's not actually part of the packages in this update? Thanks!

Simon Déziel (sdeziel) wrote :

Apologies, the AA profile is not shipped with Samba. Please ignore my previous comments (#1 and #2).

The test packages work well on Trusty!

Marc Deslauriers (mdeslaur) wrote :

This has now been released.

Changed in samba (Ubuntu):
status: In Progress → Fix Released
This report contains Public Security information
Everyone can see this security related information.
