## state inaddy@winbindsegfault:~$ dpkg -l | grep -i samba iU libnss-winbind:amd64 2:4.3.9+dfsg-0ubuntu0.14.04.1 amd64 Samba nameservice integration plugins ii libwbclient0:amd64 2:4.1.6+dfsg-1ubuntu2.14.04.13 amd64 Samba winbind client library ii python-samba 2:4.1.6+dfsg-1ubuntu2.14.04.13 amd64 Python bindings for Samba ii samba 2:4.1.6+dfsg-1ubuntu2.14.04.13 amd64 SMB/CIFS file, print, and login server for Unix ii samba-common 2:4.1.6+dfsg-1ubuntu2.14.04.13 all common files used by both the Samba server and client ii samba-common-bin 2:4.1.6+dfsg-1ubuntu2.14.04.13 amd64 Samba common files used by both the server and the client iU samba-dsdb-modules 2:4.3.9+dfsg-0ubuntu0.14.04.1 amd64 Samba Directory Services Database ii samba-libs:amd64 2:4.1.6+dfsg-1ubuntu2.14.04.13 amd64 Samba core libraries ii samba-vfs-modules 2:4.1.6+dfsg-1ubuntu2.14.04.13 amd64 Samba Virtual FileSystem plugins
** Description changed: It was brought to my attention that, because of latest security fixes for samba: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739 samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium when library symbols changed, a samba upgrade MAY jeopardize an entire Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service (specially if used before compat mechanism). ---- How to reproduce easily: $ cat /etc/nsswitch.conf passwd: winbind compat shadow: compat group: winbind compat (winbind is usually used after compat, in this case it was used before) to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do a: $ sudo apt-get update and FINALLY: - """ - - """ + https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1 Leading into an unusable system in the following state: + https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2 + ## state - Workaround: DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d with "pam-auth-update") before ANY attempt of upgrading samba to latest version. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs