Security Advisory Details

NS-SA-2022-0099

2022-11-09 14:12:02

Summary

critical: kernel/samba security update

Severity

critical

Topic

An update for kernel/samba is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

kernel: This package contains the bpftool, which allows inspection and simple manipulation of eBPF programs and maps.
samba: The samba-pidl package contains the Perl IDL compiler used by Samba and Wireshark to parse IDL and similar protocols.


Security Fix(es):
kernel: A use-after-free flaw was found in slcan_write_wakeup in drivers/net/can/slcan.c in the serial CAN module slcan. A race condition occurs when communicating with CAN using slcan between the write (scheduling the transmit) and closing (flushing out any pending queues) the SLCAN channel. This flaw allows a local attacker with special user or root privileges to cause a denial of service or a kernel information leak. The highest threat from this vulnerability is to system availability. (CVE-2020-14416)
kernel: bugfix
samba: A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. (CVE-2016-2124)
samba: A flaw was found in Samba. The Samba smbd file server must map Windows group identities (SIDs) into Unix group IDs (GIDs). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-20254)
samba: All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share must also be available via NFS, in order for this attack to succeed. (CVE-2021-43566)
samba: A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)
samba: An out-of-bounds heap read/write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module (vfs_fruit), a remote attacker with the ability to write to a file's extended attributes can trigger an out-of-bounds write and execute arbitrary code with root privileges. (CVE-2021-44142)
samba: A flaw was found in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. (CVE-2021-23192)
samba: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.B0P1B7.

Affected Components

  • kernel
  • samba

Affected Products

  • CGSL MAIN 6.02

Updated Packages

Product: CGSL MAIN 6.02

Source package: kernel-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.src.rpm

  • bpftool-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • kernel-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • kernel-core-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • kernel-devel-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • kernel-headers-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • kernel-modules-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • kernel-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • kernel-tools-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • kernel-tools-libs-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • perf-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm
  • python3-perf-4.18.0-193.14.2.el8_2.cgslv6_2.509.gacc78a5c6.x86_64.rpm

Source package: samba-4.14.5-9.el8_5.src.rpm

  • libsmbclient-4.14.5-9.el8_5.x86_64.rpm
  • libwbclient-4.14.5-9.el8_5.x86_64.rpm
  • samba-4.14.5-9.el8_5.x86_64.rpm
  • samba-client-4.14.5-9.el8_5.x86_64.rpm
  • samba-client-libs-4.14.5-9.el8_5.x86_64.rpm
  • samba-common-4.14.5-9.el8_5.noarch.rpm
  • samba-common-libs-4.14.5-9.el8_5.x86_64.rpm
  • samba-common-tools-4.14.5-9.el8_5.x86_64.rpm
  • samba-libs-4.14.5-9.el8_5.x86_64.rpm
  • samba-winbind-4.14.5-9.el8_5.x86_64.rpm
  • samba-winbind-clients-4.14.5-9.el8_5.x86_64.rpm
  • samba-winbind-modules-4.14.5-9.el8_5.x86_64.rpm

CVE

References