It was brought to my attention that, because of latest security fixes for samba:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739
samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium
when library symbols changed, a samba upgrade MAY jeopardize an entire Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service (specially if used before compat mechanism).
----
How to reproduce easily:
$ cat /etc/nsswitch.conf passwd: winbind compat shadow: compat group: winbind compat
(winbind is usually used after compat, in this case it was used before)
to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do a:
$ sudo apt-get update
and FINALLY:
""" $ sudo apt-get --only-upgrade install samba Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libhdb9-heimdal libkdc2-heimdal libntdb1 python-ntdb Use 'apt-get autoremove' to remove them. The following extra packages will be installed: libldb1 libnss-winbind libpam-winbind libtdb1 libtevent0 libwbclient0 python-ldb python-samba python-tdb samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules winbind Suggested packages: bind9 bind9utils ldb-tools smbldap-tools heimdal-clients The following packages will be upgraded: libldb1 libnss-winbind libpam-winbind libtdb1 libtevent0 libwbclient0 python-ldb python-samba python-tdb samba samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules winbind 16 upgraded, 0 newly installed, 0 to remove and 219 not upgraded. Need to get 8,877 kB of archives. After this operation, 5,632 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main python-ldb amd64 1:1.1.24-0ubuntu0.14.04.1 [29.2 kB] Get:2 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main python-tdb amd64 1.3.8-0ubuntu0.14.04.1 [10.8 kB] Get:3 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main libtdb1 amd64 1.3.8-0ubuntu0.14.04.1 [38.3 kB] Get:4 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main libtevent0 amd64 0.9.28-0ubuntu0.14.04.1 [26.2 kB] Get:5 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-dsdb-modules amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [219 kB] Get:6 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/universe libnss-winbind amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [12.6 kB] Get:7 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/universe libpam-winbind amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [28.2 kB] Get:8 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main winbind amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [411 kB] Get:9 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main libwbclient0 amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [30.8 kB] Get:10 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main samba amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [903 kB] Get:11 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-common-bin amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [508 kB] Get:12 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-common all 2:4.3.9+dfsg-0ubuntu0.14.04.1 [82.9 kB] Get:13 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main python-samba amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [1,068 kB] Get:14 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-vfs-modules amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [259 kB] Get:15 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main samba-libs amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 [5,144 kB] Get:16 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main libldb1 amd64 1:1.1.24-0ubuntu0.14.04.1 [107 kB] Fetched 8,877 kB in 14s (594 kB/s) Preconfiguring packages ... (Reading database ... 115393 files and directories currently installed.) Preparing to unpack .../python-ldb_1%3a1.1.24-0ubuntu0.14.04.1_amd64.deb ... Unpacking python-ldb (1:1.1.24-0ubuntu0.14.04.1) over (1:1.1.16-1ubuntu0.1) ... Preparing to unpack .../python-tdb_1.3.8-0ubuntu0.14.04.1_amd64.deb ... Unpacking python-tdb (1.3.8-0ubuntu0.14.04.1) over (1.2.12-1) ... Preparing to unpack .../libtdb1_1.3.8-0ubuntu0.14.04.1_amd64.deb ... Unpacking libtdb1:amd64 (1.3.8-0ubuntu0.14.04.1) over (1.2.12-1) ... Preparing to unpack .../libtevent0_0.9.28-0ubuntu0.14.04.1_amd64.deb ... Unpacking libtevent0:amd64 (0.9.28-0ubuntu0.14.04.1) over (0.9.19-1) ... Preparing to unpack .../samba-dsdb-modules_2%3a4.3.9+dfsg-0ubuntu0.14.04.1_amd64.deb ... Unpacking samba-dsdb-modules (2:4.3.9+dfsg-0ubuntu0.14.04.1) over (2:4.1.6+dfsg-1ubuntu2.14.04.13) ... Preparing to unpack .../libnss-winbind_2%3a4.3.9+dfsg-0ubuntu0.14.04.1_amd64.deb ... Unpacking libnss-winbind:amd64 (2:4.3.9+dfsg-0ubuntu0.14.04.1) over (2:4.1.6+dfsg-1ubuntu2.14.04.13) ... dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped dpkg: error processing archive /var/cache/apt/archives/libpam-winbind_2%3a4.3.9+dfsg-0ubuntu0.14.04.1_amd64.deb (--unpack): subprocess dpkg-deb --control returned error exit status 2 dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped dpkg: error processing archive /var/cache/apt/archives/winbind_2%3a4.3.9+dfsg-0ubuntu0.14.04.1_amd64.deb (--unpack): subprocess dpkg-deb --control returned error exit status 2 dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped dpkg: error processing archive /var/cache/apt/archives/libwbclient0_2%3a4.3.9+dfsg-0ubuntu0.14.04.1_amd64.deb (--unpack): subprocess dpkg-deb --control returned error exit status 2 dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped """
Leading into an unusable system.
Workaround:
DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d with "pam-auth-update") before ANY attempt of upgrading samba to latest version.
It was brought to my attention that, because of latest security fixes for samba:
https:/ /bugs.launchpad .net/ubuntu/ +source/ samba/+ bug/1577739
samba (2:4.3. 9+dfsg- 0ubuntu0. 14.04.1) trusty-security; urgency=medium 8+dfsg- 0ubuntu0. 14.04.2) trusty-security; urgency=medium 6+dfsg- 1ubuntu2. 14.04.13) trusty-security; urgency=medium
samba (2:4.3.
samba (2:4.1.
when library symbols changed, a samba upgrade MAY jeopardize an entire Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service (specially if used before compat mechanism).
----
How to reproduce easily:
$ cat /etc/nsswitch.conf
passwd: winbind compat
shadow: compat
group: winbind compat
(winbind is usually used after compat, in this case it was used before)
to have samba version "4.1.6+ dfsg-1ubuntu2. 14.04.13" installed and do a:
$ sudo apt-get update
and FINALLY:
""" dsdb-modules samba-libs samba-vfs-modules winbind dsdb-modules samba-libs samba-vfs-modules winbind us.archive. ubuntu. com/ubuntu/ trusty-updates/main python-ldb amd64 1:1.1.24- 0ubuntu0. 14.04.1 [29.2 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main python-tdb amd64 1.3.8-0ubuntu0. 14.04.1 [10.8 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main libtdb1 amd64 1.3.8-0ubuntu0. 14.04.1 [38.3 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main libtevent0 amd64 0.9.28- 0ubuntu0. 14.04.1 [26.2 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main samba-dsdb-modules amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [219 kB] us.archive. ubuntu. com/ubuntu/ trusty- updates/ universe libnss-winbind amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [12.6 kB] us.archive. ubuntu. com/ubuntu/ trusty- updates/ universe libpam-winbind amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [28.2 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main winbind amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [411 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main libwbclient0 amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [30.8 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main samba amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [903 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main samba-common-bin amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [508 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main samba-common all 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [82.9 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main python-samba amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [1,068 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main samba-vfs-modules amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [259 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main samba-libs amd64 2:4.3.9+ dfsg-0ubuntu0. 14.04.1 [5,144 kB] us.archive. ubuntu. com/ubuntu/ trusty-updates/main libldb1 amd64 1:1.1.24- 0ubuntu0. 14.04.1 [107 kB] ldb_1%3a1. 1.24-0ubuntu0. 14.04.1_ amd64.deb ... 24-0ubuntu0. 14.04.1) over (1:1.1. 16-1ubuntu0. 1) ... tdb_1.3. 8-0ubuntu0. 14.04.1_ amd64.deb ... 0ubuntu0. 14.04.1) over (1.2.12-1) ... 1.3.8-0ubuntu0. 14.04.1_ amd64.deb ... 0ubuntu0. 14.04.1) over (1.2.12-1) ... 0.9.28- 0ubuntu0. 14.04.1_ amd64.deb ... 0ubuntu0. 14.04.1) over (0.9.19-1) ... dsdb-modules_ 2%3a4.3. 9+dfsg- 0ubuntu0. 14.04.1_ amd64.deb ... 9+dfsg- 0ubuntu0. 14.04.1) over (2:4.1. 6+dfsg- 1ubuntu2. 14.04.13) ... winbind_ 2%3a4.3. 9+dfsg- 0ubuntu0. 14.04.1_ amd64.deb ... winbind: amd64 (2:4.3. 9+dfsg- 0ubuntu0. 14.04.1) over (2:4.1. 6+dfsg- 1ubuntu2. 14.04.13) ... apt/archives/ libpam- winbind_ 2%3a4.3. 9+dfsg- 0ubuntu0. 14.04.1_ amd64.deb (--unpack): apt/archives/ winbind_ 2%3a4.3. 9+dfsg- 0ubuntu0. 14.04.1_ amd64.deb (--unpack): apt/archives/ libwbclient0_ 2%3a4.3. 9+dfsg- 0ubuntu0. 14.04.1_ amd64.deb (--unpack):
$ sudo apt-get --only-upgrade install samba
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libhdb9-heimdal libkdc2-heimdal libntdb1 python-ntdb
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
libldb1 libnss-winbind libpam-winbind libtdb1 libtevent0 libwbclient0
python-ldb python-samba python-tdb samba-common samba-common-bin
samba-
Suggested packages:
bind9 bind9utils ldb-tools smbldap-tools heimdal-clients
The following packages will be upgraded:
libldb1 libnss-winbind libpam-winbind libtdb1 libtevent0 libwbclient0
python-ldb python-samba python-tdb samba samba-common samba-common-bin
samba-
16 upgraded, 0 newly installed, 0 to remove and 219 not upgraded.
Need to get 8,877 kB of archives.
After this operation, 5,632 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://
Get:2 http://
Get:3 http://
Get:4 http://
Get:5 http://
Get:6 http://
Get:7 http://
Get:8 http://
Get:9 http://
Get:10 http://
Get:11 http://
Get:12 http://
Get:13 http://
Get:14 http://
Get:15 http://
Get:16 http://
Fetched 8,877 kB in 14s (594 kB/s)
Preconfiguring packages ...
(Reading database ... 115393 files and directories currently installed.)
Preparing to unpack .../python-
Unpacking python-ldb (1:1.1.
Preparing to unpack .../python-
Unpacking python-tdb (1.3.8-
Preparing to unpack .../libtdb1_
Unpacking libtdb1:amd64 (1.3.8-
Preparing to unpack .../libtevent0_
Unpacking libtevent0:amd64 (0.9.28-
Preparing to unpack .../samba-
Unpacking samba-dsdb-modules (2:4.3.
Preparing to unpack .../libnss-
Unpacking libnss-
dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped
dpkg: error processing archive /var/cache/
subprocess dpkg-deb --control returned error exit status 2
dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped
dpkg: error processing archive /var/cache/
subprocess dpkg-deb --control returned error exit status 2
dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped
dpkg: error processing archive /var/cache/
subprocess dpkg-deb --control returned error exit status 2
dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped
"""
Leading into an unusable system.
Workaround:
DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d with "pam-auth-update") before ANY attempt of upgrading samba to latest version.