[Feisty & Gutsy as well] Re: Latest Updates Break Samba on Dapper / Edgy

Fri Nov 16 22:35:24 UTC 2007

On 11/16/2007 02:08 PM, Dana J. Laude wrote:
> NoOp wrote:
>> On 11/16/2007 06:31 AM, Oliver Grawert wrote:
>>> hi,
>>> Am Freitag, den 16.11.2007, 08:01 -0600 schrieb Kenneth Loafman:
>>>> Hopefully, the next update will fix this problem.
>>> yup, thats reported as 
>>> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/163042
>>>
>>> the package was disabled on the security server so should not come down
>>> the drain for anybody now. would you mind to add the info about your
>>> workaround to the bug so we avoid noise about that on the mailing list
>>> and can just point users there ?
>>>
>>> ciao
>>> 	oli
>>>
>> 
>> It also affects Feisty & Gusty:
>> 
>> <quote>
>> Jamie Strandboge  wrote 1 hours ago:  (permalink)
>> 
>> Turns out that upstream's fix for CVE-2007-4572 was incomplete and
>> Feisty and Gutsy are also affected. As such, feisty and gutsy packages
>> have been disabled. I have also linked to the upstream bug report.
>> Updated packages without this patch will be provided for all releases.
>> CVE-2007-4572 is a DoS but believed to not be exploitable.
>> 
>> When a proper fix is found, updated packages will be provided.
>> </quote>
>> 
>> However, turning on my Gutsy machines as of a few minutes ago shows the
>> updates as being available. I've not tried updating yet; should we
>> disable those updates for the time being? And, if they were pulled, why
>> are they still showing up in update manager?
> 
> Here it shows the following and won't grab the updates.
> <snip>
> The following packages will be upgraded:
>    libsmbclient samba-common smbclient
> 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> Need to get 8606kB of archives.
> After unpacking 0B of additional disk space will be used.
> Do you want to continue [Y/n]?
> Err http://security.ubuntu.com gutsy-security/main smbclient 
> 3.0.26a-1ubuntu2.1
>    403 Forbidden
[snip]
> 
> So, they are blocked at this time, until the fix is available.
> 
> Dana

As a test I allowed an update from my normal "mirrors.kernel.org" on a
test machine that I can afford to bork & the update went through. It
appears that the mirrors have not yet received the block/403 msg.

Now, my next concern is the customer/relatives machines that I have set
to automatically download & install security updates. Off to check those
& it looks like it's going to be a busy weekend.