Your message dated Tue, 01 Mar 2011 13:55:29 +0000
with message-id <[email protected]>
and subject line Bug#574468: fixed in samba 2:3.5.6~dfsg-3squeeze2
has caused the Debian Bug report #574468,
regarding Possible file descriptor leak in pam_winbind
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
574468: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574468
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sasl2-bin
Version: 2.1.23.dfsg1-6
Severity: critical
Justification: breaks unrelated software
Using saslauthd in support of secure SMTP with postfix.
saslauthd is configured to use pam.
/etc/pam.d/smtp looks like this:
account required pam_permit.so
auth sufficient pam_winbind.so debug
auth required pam_deny.so
This is working fine - users can authenticate against Active Directory
when sending email over secure ports 465 and 587 on Postfix.
Once every two weeks or so, saslauthd requires a restart to fix
a failure to authenticate. Nothing else needs to be touched
to remedy the failure.
When the failure appears, this is observed in the auth.log:
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to
dlopen(/lib/security/pam_winbind.so): /lib/security/pam_winbind.so: cannot open
shared object file: Too many open files Dec 5 15:45:22 myhostname
saslauthd[32586]: PAM adding faulty module: /lib/security/pam_winbind.so
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to
dlopen(/lib/security/pam_deny.so): /lib/security/pam_deny.so: cannot open
shared object file: Too many open files
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module:
/lib/security/pam_deny.so
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_load_conf_file: unable to
open /etc/pam.d/common-auth
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error loading (null)
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: error
reading /etc/pam.d/other
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: [Critical
error - immediate abort]
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error reading PAM configuration
file
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM pam_start: failed to initialize
handlers
Dec 5 15:45:22 myhostname saslauthd[32586]: DEBUG: auth_pam: pam_start failed:
Critical error - immediate abort
Dec 5 15:45:22 myhostname saslauthd[32586]: do_auth : auth failure:
[user=dteed] [service=smtp] [realm=] [mech=pam] [reason=PAM start error]
Dec 5 15:45:32 myhostname saslauthd[32586]: server_exit : master exited: 32586
Dec 5 15:45:32 myhostname saslauthd[1696]: detach_tty : master pid is: 1696
Dec 5 15:45:32 myhostname saslauthd[1696]: ipc_init : listening on socket:
/var/run/saslauthd/mux
saslauthd was used on a Redhat Enterprise 5.5 system in an identical
configuration prior to this
without a problem. The package on Redhat is cyrus-sasl-2.1.22-5.el5_4.3
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages sasl2-bin depends on:
ii db4.8-util 4.8.30-2 Berkeley v4.8 Database Utilities
ii debconf [debconf-2.0] 1.5.36 Debian configuration management sy
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-2 common error description library
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libgssapi-krb5-2 1.8.3+dfsg-2 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.3+dfsg-2 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-2 MIT Kerberos runtime libraries
ii libkrb5support0 1.8.3+dfsg-2 MIT Kerberos runtime libraries - S
ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
ii libsasl2-2 2.1.23.dfsg1-6 Cyrus SASL - authentication abstra
ii libssl0.9.8 0.9.8o-3 SSL shared libraries
ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip
sasl2-bin recommends no packages.
sasl2-bin suggests no packages.
-- Configuration Files:
/etc/default/saslauthd changed:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"
-- debconf information:
cyrus-sasl2/upgrade-sasldb2-failed:
cyrus-sasl2/backup-sasldb2: /var/backups/sasldb2.bak
cyrus-sasl2/upgrade-sasldb2-backup-failed:
cyrus-sasl2/purge-sasldb2: false
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:3.5.6~dfsg-3squeeze2
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:
libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
samba-common_3.5.6~dfsg-3squeeze2_all.deb
to main/s/samba/samba-common_3.5.6~dfsg-3squeeze2_all.deb
samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
to main/s/samba/samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
samba-doc_3.5.6~dfsg-3squeeze2_all.deb
to main/s/samba/samba-doc_3.5.6~dfsg-3squeeze2_all.deb
samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
to main/s/samba/samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
samba_3.5.6~dfsg-3squeeze2.dsc
to main/s/samba/samba_3.5.6~dfsg-3squeeze2.dsc
samba_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/samba_3.5.6~dfsg-3squeeze2_i386.deb
smbclient_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/smbclient_3.5.6~dfsg-3squeeze2_i386.deb
swat_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/swat_3.5.6~dfsg-3squeeze2_i386.deb
winbind_3.5.6~dfsg-3squeeze2_i386.deb
to main/s/samba/winbind_3.5.6~dfsg-3squeeze2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <[email protected]> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 23 Feb 2011 20:14:40 +0100
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat
samba-doc samba-doc-pdf libpam-smbpass libsmbclient libsmbclient-dev winbind
samba-dbg libwbclient0
Architecture: source all i386
Version: 2:3.5.6~dfsg-3squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Christian Perrier <[email protected]>
Description:
libpam-smbpass - pluggable authentication module for Samba
libsmbclient - shared library for communication with SMB/CIFS servers
libsmbclient-dev - development files for libsmbclient
libwbclient0 - Samba winbind client library
samba - SMB/CIFS file, print, and login server for Unix
samba-common - common files used by both the Samba server and client
samba-common-bin - common files used by both the Samba server and client
samba-dbg - Samba debugging symbols
samba-doc - Samba documentation
samba-doc-pdf - Samba documentation in PDF format
samba-tools - Samba testing utilities
smbclient - command-line SMB/CIFS clients for Unix
swat - Samba Web Administration Tool
winbind - Samba nameservice integration server
Closes: 574468 607402
Changes:
samba (2:3.5.6~dfsg-3squeeze2) stable-security; urgency=high
.
* Security update, fixing the following issue:
- CVE-2011-0719: denial of service by memory corruption
.
samba (2:3.5.6~dfsg-3squeeze1) stable-proposed-updates; urgency=low
.
* Fix pam_winbind file descriptor leak with a patch
proposed in https://bugzilla.samba.org/show_bug.cgi?id=7265.
Upstream claim is that #7265 is fixed in 3.5.6 but our bug submitter
confirmed it is not while the patch applied here fixes the file
descriptor leak.
Closes: #574468
.
[ Debconf translations ]
* Brazilian Portuguese (Adriano Rafael Gomes). Closes: #607402
Checksums-Sha1:
70af8580530b4aaea1d2e1a95bc8d15fdebdbe01 2957 samba_3.5.6~dfsg-3squeeze2.dsc
be93e8309c3a37bffd4130fb25e9cc1fd19669d8 26593319 samba_3.5.6~dfsg.orig.tar.bz2
bb6061209095fa1393758afc7b7346309aaf411a 501857
samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
ac44dbcb160d961d5b2d798693fb03797c692438 387032
samba-common_3.5.6~dfsg-3squeeze2_all.deb
183a8cbdcdd7688a756378f2812bab428a788915 1728644
samba-doc_3.5.6~dfsg-3squeeze2_all.deb
554b299df0a098ea81767dbe89a0809599d35ff6 7107866
samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
7a9380e457b507d35317afc47fd0e2ad51bd36a9 7635590
samba_3.5.6~dfsg-3squeeze2_i386.deb
a80433e1f0f7ac2f8254a8bbcb00e4c62a99d75a 5843666
samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
eef4d6c8e6d6344aa71de6393f1bd08fb41b8a71 10599356
samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
b4b689976314dc92a0caa5de3c16e4362288b5e6 13837760
smbclient_3.5.6~dfsg-3squeeze2_i386.deb
344207011a97c93e939894c4bcfb66a44d1c256a 2266884
swat_3.5.6~dfsg-3squeeze2_i386.deb
4801f9982264e6aac43da4aa258210129d39b850 828662
libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
8a8e45914019fbfe1889e0424958f45c2d476e15 1968928
libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
5f5a9d6f884ce8c7014bea7057939e40193ad838 2897154
libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
fd27ec6eaf46febcc24cb7c6bf06c4a93cff3de3 5294422
winbind_3.5.6~dfsg-3squeeze2_i386.deb
b3eb83011d023675fec06d0b59ee8ef23c6c2572 57304262
samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
c31dd339db12d41b60e6ebfe019ce6b1b6416f8a 112266
libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
Checksums-Sha256:
7b1523281e30d7eabd2972f505a38d68033ec22fad9e6c0d0385e1881af15d40 2957
samba_3.5.6~dfsg-3squeeze2.dsc
fefa62897871877ceacdaece26b3dd3f0c19c8baae70970639b735f46e982e62 26593319
samba_3.5.6~dfsg.orig.tar.bz2
035d5c811958faa3aed2df537841bc557462d4842b213b2bab9024c7c7a9afdc 501857
samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
046897e89b0fd425e39e58cc0bc78d4bfa2ab093ecef4a99284e67551dd219ec 387032
samba-common_3.5.6~dfsg-3squeeze2_all.deb
9488e8f30d8656a3dddcec6ecd7f951871026d1604dc144841016987c6077209 1728644
samba-doc_3.5.6~dfsg-3squeeze2_all.deb
fe8bb2e77117196e89102151b0bb9641aea6c44f690deffe9b60066266c4719f 7107866
samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
045c5128121bc84c38154cb6c8e3ab517b2869cc58487a4047676e97933f3be7 7635590
samba_3.5.6~dfsg-3squeeze2_i386.deb
075425a594318b88736281573facb7955baae63dff6c3dac81c250927178239b 5843666
samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
1451bf93efa706f89631d2c191686ec65d59b0cd6fe1378959f1fd3796e999d1 10599356
samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
ba6b94113914a76afbd8658bf551c54667cb6fad7e07e18dd9050e4c203f70bc 13837760
smbclient_3.5.6~dfsg-3squeeze2_i386.deb
0a28aa1f9d37240553d1881fda155126fb3ca766136f493a7c3a09121daa6382 2266884
swat_3.5.6~dfsg-3squeeze2_i386.deb
c46fd17670ee0324e2b831ffb52dc6e96f77c7d0e4820fcf1451e201704449e0 828662
libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
ff7210e82c8858dd24aea7e448526941d9c8ea6fb4e49133443e546a0a4e709d 1968928
libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
bf1262c32d077687b4875852e58df10502ed06fd925a268b1bc39fafb14e05e1 2897154
libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
76090659205e8fc265545fa95087d27adca2af8572915ec944d4a152b10b14e9 5294422
winbind_3.5.6~dfsg-3squeeze2_i386.deb
a61d361c1e24f026c9ecbe7baf0cfafade3c9e52f2b66dd93b2ace31b020e226 57304262
samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
aea5e6a05ccd52edd2bb5c38a39be066dee1732914270c59ad94676c4c81c276 112266
libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
Files:
277c5d609f51d90052badf6d24f4bfcc 2957 net optional
samba_3.5.6~dfsg-3squeeze2.dsc
d58979841b8a252aea2223f37ec22de2 26593319 net optional
samba_3.5.6~dfsg.orig.tar.bz2
56c2dca732fa14962f133b088b6fd5ff 501857 net optional
samba_3.5.6~dfsg-3squeeze2.debian.tar.gz
2f37fc4f4015e57d8836bcf37658592c 387032 net optional
samba-common_3.5.6~dfsg-3squeeze2_all.deb
2e4b212a79859ef1df099321f0b25cf4 1728644 doc optional
samba-doc_3.5.6~dfsg-3squeeze2_all.deb
8a4d39d024b2c9a3271a1ee23eb8ac9c 7107866 doc optional
samba-doc-pdf_3.5.6~dfsg-3squeeze2_all.deb
92fb85a851ec61fdd8ea93b434d4e38f 7635590 net optional
samba_3.5.6~dfsg-3squeeze2_i386.deb
72bdce95b15e8e6b42634a4870183467 5843666 net optional
samba-common-bin_3.5.6~dfsg-3squeeze2_i386.deb
66b6850954fc3c887cf961efa393e9e0 10599356 net optional
samba-tools_3.5.6~dfsg-3squeeze2_i386.deb
27c45ff82ee3e8d04bb7fc402b86b85c 13837760 net optional
smbclient_3.5.6~dfsg-3squeeze2_i386.deb
f92a18d0c3c7c5784afadc94dfe597ae 2266884 net optional
swat_3.5.6~dfsg-3squeeze2_i386.deb
b6a7e7f816fa8be3859c8216e15753f8 828662 admin extra
libpam-smbpass_3.5.6~dfsg-3squeeze2_i386.deb
0020ec59808cab44b6765f0c329697c0 1968928 libs optional
libsmbclient_3.5.6~dfsg-3squeeze2_i386.deb
7603a797b5a59a075055ebc548b8e29c 2897154 libdevel extra
libsmbclient-dev_3.5.6~dfsg-3squeeze2_i386.deb
63820f412735fef3ac4e84ca08046d0a 5294422 net optional
winbind_3.5.6~dfsg-3squeeze2_i386.deb
414a0777d680c760b1975c63d2b5c4a0 57304262 debug extra
samba-dbg_3.5.6~dfsg-3squeeze2_i386.deb
517fc0f666e72b48fb5c0516b9702695 112266 libs optional
libwbclient0_3.5.6~dfsg-3squeeze2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIVAwUBTWgnWocvcCxNbiWoAQJ26w/+PVNGFBIupHZL4IQrxcIFc+q/7HW4cBIE
j5oiXMft6kKxI79S9/KLki33W9Y7AA7DmCb/CkS2WI4nV8YnSCzFIbf70qBu2dx/
gxbrw4LS9D8X+xEEpMIxYcikp3ngefa5icLKak/ft89W4phovn6rfp3lMYJ7Zjj7
Ruif0pcR5QVTC0TIOQdy07melkQ3r4ftgt5hy8D8k2qzYWN1ChkYKv1Vm7M3Ujv1
Lwy/PW+LMZyF07we6mQKztNpyOUYQQgol5OPHbXIyq+TENc2hwQHyDpHmXREvQCZ
1LhqckCvV+zqivgir7L3pYcHPPsx1rrf07e93ktSmgjL2/iQNvRCMnkLgmfBkMaR
KtJhuKOjqFGvRC/h5mYZMcstT0HpqudGYsX85QaCBOoPx2KF9mT5Hu9LbKaEe0/B
leGL05+wVe/JhI0rV6/C+EfrbpCBXMVdkZuP9f3Nq5V4/q1gl3XGyD1oCDjc+m1X
aAECr3eMzGgrk7U7q4TTJ5C6W/Xp6GyHS6Nfe+LZiC2240iaZqYTRqXp978rd0xC
mYZ4f2OPbB+BbkkGGWaSZ5YnTgGf/Sqb9xj461SvmWHAiIf8X2+6Ta9lujKEIumn
3iyxj7QdpKtmgWsYlHvLjCSFivlR3EF88jx1sZVXqYDVuObV4EDp5lsM8rpncg03
OwnH/3gPiQE=
=gsL8
-----END PGP SIGNATURE-----
--- End Message ---
