CVE-2021-44142 - Update samba to patch the vulnerability

dperson / samba

Samba docker container

GNU Affero General Public License v3.0

1.52k stars 514 forks source link

CVE-2021-44142 - Update samba to patch the vulnerability #407

Open Morishiri opened 2 years ago

Morishiri commented 2 years ago

The vulnerability is patched in versions 4.13.17, 4.14.12, and 4.15.5.

Please consider releasing a new version of the docker image.

https://www.kb.cert.org/vuls/id/119678

Silberling commented 2 years ago

It feels like this repo is dead but has a pretty high number of users. Recent patches are crucial for security.

I'd advice to update the container internals manually at least for now:

sudo docker exec ... - ash
apk update
apk upgrade
exit

then restart the container. Apply again after each deploy / rebuild.

bullet92 commented 2 years ago

Personally I have solved in that way: First update to latest 3.12 (Note: samba is your samba container name, if differs, change it accordingly) sudo docker exec samba ash -c "apk update" sudo docker exec samba ash -c "apk upgrade"

then change the repository sudo docker exec samba ash -c "sed -i 's/v3\.12/latest-stable/g' /etc/apk/repositories"

then update the container sudo docker exec samba ash -c "apk update" sudo docker exec samba ash -c "apk upgrade"

fix the startup script: sudo docker exec samba ash -c "sed -i 's/FS/F --debug-stdout/' /usr/bin/samba.sh" Otherwise you will had error like #405

Now get your container id sudo docker ps -a and create a new local-image named samba-updated sudo docker commit YOUR-CONTAINER-ID samba-updated now edit your docker-compose.yml or run script using samba-updated instead of dperson/samba image

Output after update: sudo docker exec samba ash -c "smbstatus" Samba version 4.15.5

kalsan commented 2 years ago

I'd love to add a pull request, but I don't have the time for it right now. In case you want to help with the update:

Clone this repo on the target machine
cd samba
sudo docker build . --> Will say something like Successfully built ceac0705d309
sudo docker tag ceac0705d309 local/samba (taking the tag from the line above)
Edit your docker-compose.yml of your samba service and replace image: dperson/samba by image: local/samba
Run sudo docker-compose up and note the errors that show up. Edit the Dockerfile and repeat the steps with build and up until no more errors show up
Create a pull request with the updated Dockerfile

This should greatly help dperson with the update.

unixfox commented 2 years ago

Hi, I just published an up-to-date image here: https://quay.io/repository/unixfox/samba It is updated at every new version of samba.

Vincent-HD commented 2 years ago

Just to mention one recent problem I had with one of the latest version of Samba : https://github.com/dperson/samba/issues/413