samba icon indicating copy to clipboard operation
samba copied to clipboard
verified publisher icon dperson

CVE-2021-44142 - Update samba to patch the vulnerability

Open Morishiri opened this issue 3 years ago • 5 comments

The vulnerability is patched in versions 4.13.17, 4.14.12, and 4.15.5.

Please consider releasing a new version of the docker image.

https://www.kb.cert.org/vuls/id/119678

Morishiri avatar Feb 02 '22 09:02 Morishiri

It feels like this repo is dead but has a pretty high number of users. Recent patches are crucial for security.

I'd advice to update the container internals manually at least for now:

sudo docker exec ... - ash
apk update
apk upgrade
exit

then restart the container. Apply again after each deploy / rebuild.

Silberling avatar Feb 02 '22 14:02 Silberling

Personally I have solved in that way: First update to latest 3.12 (Note: samba is your samba container name, if differs, change it accordingly) sudo docker exec samba ash -c "apk update" sudo docker exec samba ash -c "apk upgrade"

then change the repository sudo docker exec samba ash -c "sed -i 's/v3\.12/latest-stable/g' /etc/apk/repositories"

then update the container sudo docker exec samba ash -c "apk update" sudo docker exec samba ash -c "apk upgrade"

fix the startup script: sudo docker exec samba ash -c "sed -i 's/FS/F --debug-stdout/' /usr/bin/samba.sh" Otherwise you will had error like #405

Now get your container id sudo docker ps -a and create a new local-image named samba-updated sudo docker commit YOUR-CONTAINER-ID samba-updated now edit your docker-compose.yml or run script using samba-updated instead of dperson/samba image

Output after update: sudo docker exec samba ash -c "smbstatus" Samba version 4.15.5

bullet92 avatar Feb 02 '22 21:02 bullet92

I'd love to add a pull request, but I don't have the time for it right now. In case you want to help with the update:

  • Clone this repo on the target machine
  • cd samba
  • sudo docker build . --> Will say something like Successfully built ceac0705d309
  • sudo docker tag ceac0705d309 local/samba (taking the tag from the line above)
  • Edit your docker-compose.yml of your samba service and replace image: dperson/samba by image: local/samba
  • Run sudo docker-compose up and note the errors that show up. Edit the Dockerfile and repeat the steps with build and up until no more errors show up
  • Create a pull request with the updated Dockerfile

This should greatly help dperson with the update.

kalsan avatar Feb 03 '22 08:02 kalsan

Hi, I just published an up-to-date image here: https://quay.io/repository/unixfox/samba It is updated at every new version of samba.

unixfox avatar Feb 09 '22 22:02 unixfox

Just to mention one recent problem I had with one of the latest version of Samba : https://github.com/dperson/samba/issues/413

Vincent-HD avatar Apr 28 '22 15:04 Vincent-HD