Revision as of 08:41, 23 March 2014
Install advisories tool:

[tmb@laptop advisories]# urpmi mga-advisories
- installs mgaadv

Do initial config:

[tmb@laptop advisories]$ mgaadv initqaconf
- initializes config file (it opens text editor to show config)
- initial download of advisories

Check that you have the latest advisories:

[tmb@laptop advisories]$ cd ~/mageia-advisories/advisories
[tmb@laptop advisories]$ svn up

Check the end of http://mageia.madb.org/tools/updates for advisories that are ready to be pushed.
Pushing updates (using samba update (bug 12999) as an example)
Assign the advisory ID:

[tmb@laptop advisories]$ mgaadv publish 12999
Assigned ID MGASA-2014-0138 to advisory 12999

Check whether there are potential problems (for the Perl advisory parser):

$ file 12999.adv
12999.adv: ASCII text (this is ok)

Check that the contents of the advisory look ok:

$ cat 12999.adv
type: security
subject: Updated samba packages fix security vulnerability
CVE:
 - CVE-2013-4496
src:
  3:
    core:
      - samba-3.6.15-1.4.mga3
  4:
    core:
      - samba-3.6.23-1.mga4
description: |
  In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication (CVE-2013-4496)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=12999
 - http://www.samba.org/samba/security/CVE-2013-4496
ID: MGASA-2014-0138
Open an SSH session to valstar:

$ ssh -A root@valstar.mageia.org

Use screen to avoid breakage during the package move if you lose your network connection:
- screen
Push the SRPM(s) listed in the advisory. Verify that the SRPM matches the advisory; if it does not, check the bug report to see whether something has changed and update the advisory accordingly, or ask the QA people for clarification. The format is mga-send-update-nosync <distro> <media> <srpm>:
- ./mga-send-update-nosync 3 core samba
This SRPM (and matching binarys) will be moved from updates_testing to updates:
samba-3.6.15-1.4.mga3.src.rpm
Are you sure ? y
moving binary and source rpms:
i586: libnetapi0-3.6.15-1.4.mga3.i586.rpm libnetapi-devel-3.6.15-1.4.mga3.i586.rpm libsmbclient0-3.6.15-1.4.mga3.i586.rpm libsmbclient0-devel-3.6.15-1.4.mga3.i586.rpm libsmbclient0-static-devel-3.6.15-1.4.mga3.i586.rpm libsmbsharemodes0-3.6.15-1.4.mga3.i586.rpm libsmbsharemodes-devel-3.6.15-1.4.mga3.i586.rpm libwbclient0-3.6.15-1.4.mga3.i586.rpm libwbclient-devel-3.6.15-1.4.mga3.i586.rpm nss_wins-3.6.15-1.4.mga3.i586.rpm samba-client-3.6.15-1.4.mga3.i586.rpm samba-common-3.6.15-1.4.mga3.i586.rpm samba-doc-3.6.15-1.4.mga3.noarch.rpm samba-domainjoin-gui-3.6.15-1.4.mga3.i586.rpm samba-server-3.6.15-1.4.mga3.i586.rpm samba-swat-3.6.15-1.4.mga3.i586.rpm samba-virusfilter-clamav-3.6.15-1.4.mga3.i586.rpm samba-virusfilter-fsecure-3.6.15-1.4.mga3.i586.rpm samba-virusfilter-sophos-3.6.15-1.4.mga3.i586.rpm samba-winbind-3.6.15-1.4.mga3.i586.rpm samba-debuginfo-3.6.15-1.4.mga3.i586.rpm
x86_64: lib64netapi0-3.6.15-1.4.mga3.x86_64.rpm lib64netapi-devel-3.6.15-1.4.mga3.x86_64.rpm lib64smbclient0-3.6.15-1.4.mga3.x86_64.rpm lib64smbclient0-devel-3.6.15-1.4.mga3.x86_64.rpm lib64smbclient0-static-devel-3.6.15-1.4.mga3.x86_64.rpm lib64smbsharemodes0-3.6.15-1.4.mga3.x86_64.rpm lib64smbsharemodes-devel-3.6.15-1.4.mga3.x86_64.rpm lib64wbclient0-3.6.15-1.4.mga3.x86_64.rpm lib64wbclient-devel-3.6.15-1.4.mga3.x86_64.rpm nss_wins-3.6.15-1.4.mga3.x86_64.rpm samba-client-3.6.15-1.4.mga3.x86_64.rpm samba-common-3.6.15-1.4.mga3.x86_64.rpm samba-doc-3.6.15-1.4.mga3.noarch.rpm samba-domainjoin-gui-3.6.15-1.4.mga3.x86_64.rpm samba-server-3.6.15-1.4.mga3.x86_64.rpm samba-swat-3.6.15-1.4.mga3.x86_64.rpm samba-virusfilter-clamav-3.6.15-1.4.mga3.x86_64.rpm samba-virusfilter-fsecure-3.6.15-1.4.mga3.x86_64.rpm samba-virusfilter-sophos-3.6.15-1.4.mga3.x86_64.rpm samba-winbind-3.6.15-1.4.mga3.x86_64.rpm samba-debuginfo-3.6.15-1.4.mga3.x86_64.rpm
SRPMS: samba-3.6.15-1.4.mga3.src.rpm
- ./mga-send-update-nosync 4 core samba
This SRPM (and matching binarys) will be moved from updates_testing to updates:
samba-3.6.23-1.mga4.src.rpm
Are you sure ? y
moving binary and source rpms:
i586: libnetapi0-3.6.23-1.mga4.i586.rpm libnetapi-devel-3.6.23-1.mga4.i586.rpm libsmbclient0-3.6.23-1.mga4.i586.rpm libsmbclient0-devel-3.6.23-1.mga4.i586.rpm libsmbclient0-static-devel-3.6.23-1.mga4.i586.rpm libsmbsharemodes0-3.6.23-1.mga4.i586.rpm libsmbsharemodes-devel-3.6.23-1.mga4.i586.rpm libwbclient0-3.6.23-1.mga4.i586.rpm libwbclient-devel-3.6.23-1.mga4.i586.rpm nss_wins-3.6.23-1.mga4.i586.rpm samba-client-3.6.23-1.mga4.i586.rpm samba-common-3.6.23-1.mga4.i586.rpm samba-doc-3.6.23-1.mga4.noarch.rpm samba-domainjoin-gui-3.6.23-1.mga4.i586.rpm samba-server-3.6.23-1.mga4.i586.rpm samba-swat-3.6.23-1.mga4.i586.rpm samba-virusfilter-clamav-3.6.23-1.mga4.i586.rpm samba-virusfilter-fsecure-3.6.23-1.mga4.i586.rpm samba-virusfilter-sophos-3.6.23-1.mga4.i586.rpm samba-winbind-3.6.23-1.mga4.i586.rpm samba-debuginfo-3.6.23-1.mga4.i586.rpm
x86_64: lib64netapi0-3.6.23-1.mga4.x86_64.rpm lib64netapi-devel-3.6.23-1.mga4.x86_64.rpm lib64smbclient0-3.6.23-1.mga4.x86_64.rpm lib64smbclient0-devel-3.6.23-1.mga4.x86_64.rpm lib64smbclient0-static-devel-3.6.23-1.mga4.x86_64.rpm lib64smbsharemodes0-3.6.23-1.mga4.x86_64.rpm lib64smbsharemodes-devel-3.6.23-1.mga4.x86_64.rpm lib64wbclient0-3.6.23-1.mga4.x86_64.rpm lib64wbclient-devel-3.6.23-1.mga4.x86_64.rpm nss_wins-3.6.23-1.mga4.x86_64.rpm samba-client-3.6.23-1.mga4.x86_64.rpm samba-common-3.6.23-1.mga4.x86_64.rpm samba-doc-3.6.23-1.mga4.noarch.rpm samba-domainjoin-gui-3.6.23-1.mga4.x86_64.rpm samba-server-3.6.23-1.mga4.x86_64.rpm samba-swat-3.6.23-1.mga4.x86_64.rpm samba-virusfilter-clamav-3.6.23-1.mga4.x86_64.rpm samba-virusfilter-fsecure-3.6.23-1.mga4.x86_64.rpm samba-virusfilter-sophos-3.6.23-1.mga4.x86_64.rpm samba-winbind-3.6.23-1.mga4.x86_64.rpm samba-debuginfo-3.6.23-1.mga4.x86_64.rpm
SRPMS: samba-3.6.23-1.mga4.src.rpm
Commit the advisory to svn (add advisory id and srpm in message for easy svn browsing):
[tmb@laptop advisories]$ svn commit -m "MGASA-2014-0138: samba-3.6.15-1.4.mga3, samba-3.6.23-1.mga4" 12999.adv
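
The two manual checks in this procedure (the .adv file is plain ASCII, and the SRPM offered by mga-send-update-nosync is the one the advisory lists for that distro and media) can be scripted before answering "y". This is an added example, not part of mgaadv or the Mageia tooling; the function names are hypothetical and the parser only understands the src: layout shown in 12999.adv above.

```python
import re

# Constructed sample: 12999.adv from this page (description shortened), as raw bytes.
SAMPLE_ADV = b"""\
type: security
subject: Updated samba packages fix security vulnerability
CVE:
 - CVE-2013-4496
src:
  3:
    core:
      - samba-3.6.15-1.4.mga3
  4:
    core:
      - samba-3.6.23-1.mga4
description: |
  In Samba before 3.6.23, the SAMR server ... (CVE-2013-4496)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=12999
ID: MGASA-2014-0138
"""

def non_ascii_lines(raw):
    """Line numbers holding bytes outside 7-bit ASCII (file would not say 'ASCII text')."""
    return [n for n, line in enumerate(raw.splitlines(), 1) if not line.isascii()]

def advisory_srpms(raw):
    """Map (distro, media) to the SRPM file names listed under the src: key."""
    found, in_src, distro, media = {}, False, None, None
    for line in raw.decode("ascii", "replace").splitlines():
        if line[:1].strip():  # a top-level key starts at column 0
            in_src = line.startswith("src:")
        elif in_src:
            item = line.strip()
            if re.fullmatch(r"\d+:", item):  # distro release, e.g. "3:"
                distro, media = item[:-1], None
            elif item.endswith(":"):  # media, e.g. "core:"
                media = item[:-1]
            elif item.startswith("- ") and distro and media:
                found.setdefault((distro, media), []).append(item[2:] + ".src.rpm")
    return found

def check_push(raw, distro, media, srpm):
    """Return a list of problems; an empty list means the push matches the advisory."""
    problems = [f"line {n}: non-ASCII byte" for n in non_ascii_lines(raw)]
    expected = advisory_srpms(raw).get((distro, media), [])
    if srpm not in expected:
        problems.append(f"{srpm} not listed for mga{distro}/{media}; advisory has {expected}")
    return problems
```

Call check_push with the bytes of the .adv file, the distro and media you are about to pass to mga-send-update-nosync, and the SRPM name it prints in its confirmation prompt.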