Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2021-44142 - Update samba to patch the vulnerability #407

Open
Morishiri opened this issue Feb 2, 2022 · 5 comments
Open

CVE-2021-44142 - Update samba to patch the vulnerability #407

Morishiri opened this issue Feb 2, 2022 · 5 comments

Comments

@Morishiri
Copy link

The vulnerability is patched in versions 4.13.17, 4.14.12, and 4.15.5.

Please consider releasing a new version of the docker image.

https://www.kb.cert.org/vuls/id/119678
@Silberling
Copy link

Silberling commented Feb 2, 2022
edited
Loading

It feels like this repo is dead but has a pretty high number of users. Recent patches are crucial for security.

I'd advice to update the container internals manually at least for now:

sudo docker exec ... - ash
apk update
apk upgrade
exit

then restart the container. Apply again after each deploy / rebuild.

@bullet92
Copy link

bullet92 commented Feb 2, 2022
edited
Loading

Personally I have solved in that way:
First update to latest 3.12 (Note: samba is your samba container name, if differs, change it accordingly)
sudo docker exec samba ash -c "apk update"
sudo docker exec samba ash -c "apk upgrade"

then change the repository
sudo docker exec samba ash -c "sed -i 's/v3\.12/latest-stable/g' /etc/apk/repositories"

then update the container
sudo docker exec samba ash -c "apk update"
sudo docker exec samba ash -c "apk upgrade"

fix the startup script:
sudo docker exec samba ash -c "sed -i 's/FS/F --debug-stdout/' /usr/bin/samba.sh"
Otherwise you will had error like #405

Now get your container id
sudo docker ps -a
and create a new local-image named samba-updated
sudo docker commit YOUR-CONTAINER-ID samba-updated
now edit your docker-compose.yml or run script using samba-updated instead of dperson/samba image

Output after update:
sudo docker exec samba ash -c "smbstatus"
Samba version 4.15.5

@kalsan
Copy link

kalsan commented Feb 3, 2022

I'd love to add a pull request, but I don't have the time for it right now. In case you want to help with the update:

  • Clone this repo on the target machine
  • cd samba
  • sudo docker build . --> Will say something like Successfully built ceac0705d309
  • sudo docker tag ceac0705d309 local/samba (taking the tag from the line above)
  • Edit your docker-compose.yml of your samba service and replace image: dperson/samba by image: local/samba
  • Run sudo docker-compose up and note the errors that show up. Edit the Dockerfile and repeat the steps with build and up until no more errors show up
  • Create a pull request with the updated Dockerfile

This should greatly help dperson with the update.

@runningman84 runningman84 mentioned this issue Feb 5, 2022
Closed
@unixfox
Copy link

unixfox commented Feb 9, 2022

Hi, I just published an up-to-date image here: https://quay.io/repository/unixfox/samba
It is updated at every new version of samba.

@ukkopahis ukkopahis mentioned this issue Apr 23, 2022
Open
@Vincent-HD
Copy link

Just to mention one recent problem I had with one of the latest version of Samba :
#413

@ukkopahis ukkopahis mentioned this issue Jun 20, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@Silberling @unixfox @bullet92 @kalsan @Morishiri @Vincent-HD