Your message dated Tue, 01 Mar 2011 13:55:29 +0000
with message-id <[email protected]>
and subject line Bug#574468: fixed in samba 2:3.5.6~dfsg-3squeeze2
has caused the Debian Bug report #574468,
regarding samba: pam_winbind leaks file descriptors
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
574468: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574468
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 2:3.4.7~dfsg-1~bpo50+1
Severity: important
Tags: patch
The pam_winbind module leaks file descriptors. wb_common.c keeps its
file descriptor in the winbindd_fd global variable and closes that
through the winbind_close_sock function, but there's no provision for
making sure that winbind_close_sock is called when pam_winbind is closed
via dlclose.
A symptom of this is that Apache, if set up to use its auth_pam module,
is eventually unable to authenticate new users.
The attached patch instructs gcc to treat winbind_close_sock as a
destructor. This is the simplest fix but maybe not the best; from
looking at the docs, specifying a cleanup function to pam_set_data (and
doing something else for nss_winbind?) may be more correct.
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (900, 'stable'), (750, 'unstable'), (700, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages samba depends on:
ii adduser 3.110 add and remove users and groups
ii debconf 1.5.24 Debian configuration management sy
ii libacl1 2.2.47-2 Access control list shared library
ii libattr1 1:2.4.43-2 Extended attribute shared library
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libcap2 2.11-2 support for getting/setting POSIX.
ii libcomer 1.41.3-1 common error description library
ii libcups2 1.3.8-1+lenny8 Common UNIX Printing System(tm) -
ii libgnutl 2.4.2-6+lenny2 the GNU TLS library - runtime libr
ii libkrb53 1.6.dfsg.4~beta1-5lenny2 MIT Kerberos runtime libraries
ii libldap- 2.4.11-1+lenny1 OpenLDAP libraries
ii libpam-m 1.0.1-5+lenny1 Pluggable Authentication Modules f
ii libpam-r 1.0.1-5+lenny1 Runtime support for the PAM librar
ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libtallo 2.0.1-1~bpo50+1 hierarchical pool based memory all
ii libwbcli 2:3.4.7~dfsg-1~bpo50+1 Samba winbind client library
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii procps 1:3.2.7-11 /proc file system utilities
ii samba-co 2:3.4.7~dfsg-1~bpo50+1 common files used by both the Samb
ii update-i 4.31 inetd configuration file updater
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages samba recommends:
ii logrotate 3.7.1-5 Log rotation utility
Versions of packages samba suggests:
ii ctdb 1.0.99-1~bpo50+1 clustered database to store tempor
pn ldb-tools <none> (no description available)
ii openbsd-inetd [inet-sup 0.20080125-2 The OpenBSD Internet Superserver
pn smbldap-tools <none> (no description available)
-- debconf information:
samba/run_mode: daemons
samba/generate_smbpasswd: true
diff -r samba-3.4.7.orig/nsswitch/winbind_client.h samba-3.4.7/nsswitch/winbind_client.h
28c28
< void winbind_close_sock(void);
---
> void winbind_close_sock(void) __attribute__((destructor));
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:3.5.6~dfsg-3squeeze2
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:
libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
samba-common_3.5.6~dfsg-3squeeze2_all.deb
to main/s/samba/samba-common_3.5.6~dfsg-3squeeze2_all.deb
samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
to main/s/samba/samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
samba-doc_3.5.6~dfsg-3squeeze2_all.deb
to main/s/samba/samba-doc_3.5.6~dfsg-3squeeze2_all.deb
samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
to main/s/samba/samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
samba_3.5.6~dfsg-3squeeze2.dsc
to main/s/samba/samba_3.5.6~dfsg-3squeeze2.dsc
samba_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/samba_3.5.6~dfsg-3squeeze2_i386.deb
smbclient_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/smbclient_3.5.6~dfsg-3squeeze2_i386.deb
swat_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/swat_3.5.6~dfsg-3squeeze2_i386.deb
winbind_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/winbind_3.5.6~dfsg-3squeeze2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <[email protected]> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 23 Feb 2011 20:14:40 +0100
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat
samba-doc samba-doc-pdf libpam-smbpass libsmbclient libsmbclient-dev winbind
samba-dbg libwbclient0
Architecture: source all i386
Version: 2:3.5.6~dfsg-3squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Christian Perrier <[email protected]>
Description:
libpam-smbpass - pluggable authentication module for Samba
libsmbclient - shared library for communication with SMB/CIFS servers
libsmbclient-dev - development files for libsmbclient
libwbclient0 - Samba winbind client library
samba - SMB/CIFS file, print, and login server for Unix
samba-common - common files used by both the Samba server and client
samba-common-bin - common files used by both the Samba server and client
samba-dbg - Samba debugging symbols
samba-doc - Samba documentation
samba-doc-pdf - Samba documentation in PDF format
samba-tools - Samba testing utilities
smbclient - command-line SMB/CIFS clients for Unix
swat - Samba Web Administration Tool
winbind - Samba nameservice integration server
Closes: 574468 607402
Changes:
samba (2:3.5.6~dfsg-3squeeze2) stable-security; urgency=high
.
* Security update, fixing the following issue:
- CVE-2011-0719: denial of service by memory corruption
.
samba (2:3.5.6~dfsg-3squeeze1) stable-proposed-updates; urgency=low
.
* Fix pam_winbind file descriptor leak with a patch
proposed in https://bugzilla.samba.org/show_bug.cgi?id=7265.
Upstream claim is that #7265 is fixed in 3.5.6 but our bug submitter
confirmed it is not while the patch applied here fixes the file
descriptor leak.
Closes: #574468
.
[ Debconf translations ]
* Brazilian Portuguese (Adriano Rafael Gomes). Closes: #607402
Checksums-Sha1:
70af8580530b4aaea1d2e1a95bc8d15fdebdbe01 2957 samba_3.5.6~dfsg-3squeeze2.dsc
be93e8309c3a37bffd4130fb25e9cc1fd19669d8 26593319 samba_3.5.6~dfsg.orig.tar.bz2
bb6061209095fa1393758afc7b7346309aaf411a 501857
samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
ac44dbcb160d961d5b2d798693fb03797c692438 387032
samba-common_3.5.6~dfsg-3squeeze2_all.deb
183a8cbdcdd7688a756378f2812bab428a788915 1728644
samba-doc_3.5.6~dfsg-3squeeze2_all.deb
554b299df0a098ea81767dbe89a0809599d35ff6 7107866
samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
7a9380e457b507d35317afc47fd0e2ad51bd36a9 7635590
samba_3.5.6~dfsg-3squeeze2_i386.deb
a80433e1f0f7ac2f8254a8bbcb00e4c62a99d75a 5843666
samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
eef4d6c8e6d6344aa71de6393f1bd08fb41b8a71 10599356
samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
b4b689976314dc92a0caa5de3c16e4362288b5e6 13837760
smbclient_3.5.6~dfsg-3squeeze2_i386.deb
344207011a97c93e939894c4bcfb66a44d1c256a 2266884
swat_3.5.6~dfsg-3squeeze2_i386.deb
4801f9982264e6aac43da4aa258210129d39b850 828662
libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
8a8e45914019fbfe1889e0424958f45c2d476e15 1968928
libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
5f5a9d6f884ce8c7014bea7057939e40193ad838 2897154
libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
fd27ec6eaf46febcc24cb7c6bf06c4a93cff3de3 5294422
winbind_3.5.6~dfsg-3squeeze2_i386.deb
b3eb83011d023675fec06d0b59ee8ef23c6c2572 57304262
samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
c31dd339db12d41b60e6ebfe019ce6b1b6416f8a 112266
libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
Checksums-Sha256:
7b1523281e30d7eabd2972f505a38d68033ec22fad9e6c0d0385e1881af15d40 2957
samba_3.5.6~dfsg-3squeeze2.dsc
fefa62897871877ceacdaece26b3dd3f0c19c8baae70970639b735f46e982e62 26593319
samba_3.5.6~dfsg.orig.tar.bz2
035d5c811958faa3aed2df537841bc557462d4842b213b2bab9024c7c7a9afdc 501857
samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
046897e89b0fd425e39e58cc0bc78d4bfa2ab093ecef4a99284e67551dd219ec 387032
samba-common_3.5.6~dfsg-3squeeze2_all.deb
9488e8f30d8656a3dddcec6ecd7f951871026d1604dc144841016987c6077209 1728644
samba-doc_3.5.6~dfsg-3squeeze2_all.deb
fe8bb2e77117196e89102151b0bb9641aea6c44f690deffe9b60066266c4719f 7107866
samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
045c5128121bc84c38154cb6c8e3ab517b2869cc58487a4047676e97933f3be7 7635590
samba_3.5.6~dfsg-3squeeze2_i386.deb
075425a594318b88736281573facb7955baae63dff6c3dac81c250927178239b 5843666
samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
1451bf93efa706f89631d2c191686ec65d59b0cd6fe1378959f1fd3796e999d1 10599356
samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
ba6b94113914a76afbd8658bf551c54667cb6fad7e07e18dd9050e4c203f70bc 13837760
smbclient_3.5.6~dfsg-3squeeze2_i386.deb
0a28aa1f9d37240553d1881fda155126fb3ca766136f493a7c3a09121daa6382 2266884
swat_3.5.6~dfsg-3squeeze2_i386.deb
c46fd17670ee0324e2b831ffb52dc6e96f77c7d0e4820fcf1451e201704449e0 828662
libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
ff7210e82c8858dd24aea7e448526941d9c8ea6fb4e49133443e546a0a4e709d 1968928
libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
bf1262c32d077687b4875852e58df10502ed06fd925a268b1bc39fafb14e05e1 2897154
libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
76090659205e8fc265545fa95087d27adca2af8572915ec944d4a152b10b14e9 5294422
winbind_3.5.6~dfsg-3squeeze2_i386.deb
a61d361c1e24f026c9ecbe7baf0cfafade3c9e52f2b66dd93b2ace31b020e226 57304262
samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
aea5e6a05ccd52edd2bb5c38a39be066dee1732914270c59ad94676c4c81c276 112266
libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
Files:
277c5d609f51d90052badf6d24f4bfcc 2957 net optional
samba_3.5.6~dfsg-3squeeze2.dsc
d58979841b8a252aea2223f37ec22de2 26593319 net optional
samba_3.5.6~dfsg.orig.tar.bz2
56c2dca732fa14962f133b088b6fd5ff 501857 net optional
samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
2f37fc4f4015e57d8836bcf37658592c 387032 net optional
samba-common_3.5.6~dfsg-3squeeze2_all.deb
2e4b212a79859ef1df099321f0b25cf4 1728644 doc optional
samba-doc_3.5.6~dfsg-3squeeze2_all.deb
8a4d39d024b2c9a3271a1ee23eb8ac9c 7107866 doc optional
samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
92fb85a851ec61fdd8ea93b434d4e38f 7635590 net optional
samba_3.5.6~dfsg-3squeeze2_i386.deb
72bdce95b15e8e6b42634a4870183467 5843666 net optional
samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
66b6850954fc3c887cf961efa393e9e0 10599356 net optional
samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
27c45ff82ee3e8d04bb7fc402b86b85c 13837760 net optional
smbclient_3.5.6~dfsg-3squeeze2_i386.deb
f92a18d0c3c7c5784afadc94dfe597ae 2266884 net optional
swat_3.5.6~dfsg-3squeeze2_i386.deb
b6a7e7f816fa8be3859c8216e15753f8 828662 admin extra
libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
0020ec59808cab44b6765f0c329697c0 1968928 libs optional
libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
7603a797b5a59a075055ebc548b8e29c 2897154 libdevel extra
libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
63820f412735fef3ac4e84ca08046d0a 5294422 net optional
winbind_3.5.6~dfsg-3squeeze2_i386.deb
414a0777d680c760b1975c63d2b5c4a0 57304262 debug extra
samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
517fc0f666e72b48fb5c0516b9702695 112266 libs optional
libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIVAwUBTWgnWocvcCxNbiWoAQJ26w/+PVNGFBIupHZL4IQrxcIFc+q/7HW4cBIE
j5oiXMft6kKxI79S9/KLki33W9Y7AA7DmCb/CkS2WI4nV8YnSCzFIbf70qBu2dx/
gxbrw4LS9D8X+xEEpMIxYcikp3ngefa5icLKak/ft89W4phovn6rfp3lMYJ7Zjj7
Ruif0pcR5QVTC0TIOQdy07melkQ3r4ftgt5hy8D8k2qzYWN1ChkYKv1Vm7M3Ujv1
Lwy/PW+LMZyF07we6mQKztNpyOUYQQgol5OPHbXIyq+TENc2hwQHyDpHmXREvQCZ
1LhqckCvV+zqivgir7L3pYcHPPsx1rrf07e93ktSmgjL2/iQNvRCMnkLgmfBkMaR
KtJhuKOjqFGvRC/h5mYZMcstT0HpqudGYsX85QaCBOoPx2KF9mT5Hu9LbKaEe0/B
leGL05+wVe/JhI0rV6/C+EfrbpCBXMVdkZuP9f3Nq5V4/q1gl3XGyD1oCDjc+m1X
aAECr3eMzGgrk7U7q4TTJ5C6W/Xp6GyHS6Nfe+LZiC2240iaZqYTRqXp978rd0xC
mYZ4f2OPbB+BbkkGGWaSZ5YnTgGf/Sqb9xj461SvmWHAiIf8X2+6Ta9lujKEIumn
3iyxj7QdpKtmgWsYlHvLjCSFivlR3EF88jx1sZVXqYDVuObV4EDp5lsM8rpncg03
OwnH/3gPiQE=
=gsL8
-----END PGP SIGNATURE-----
--- End Message ---
