Unless they have dropped a still-needed patch in the last security update (see the previous upload, not the security one; it drops two regression patches for the security upload for the CVEs that are referenced in the Ubuntu bug).
samba (2:4.2.14+dfsg-0+deb8u2) jessie-security; urgency=high

  * This is a security release in order to address the following defects:
    - CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
      Overflow Remote Code Execution Vulnerability).
    - CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
      trusted realms).
    - CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
      elevation).
  * Fix smbclient compatibility with Windows 10 (Closes: #820794)

 -- Mathieu Parent <sathieu@debian.org>  Thu, 08 Dec 2016 21:12:25 +0100

samba (2:4.2.14+dfsg-0+deb8u1) jessie; urgency=high

  * New upstream release.
    + Fixes CVE-2016-2119: Client side SMB2/3 required signing can be downgraded.
    + Various fixes for regressions introduced by the 4.2.10 security fixes.
      Closes: #820965, #827141
    + Fixes for segfault with clustering. Closes: #824177
    + Bump tevent dependency up to 0.9.28.
  * Drop obsolete patch security-2016-04-12-prerequisite-v4-2-regression-
    fixes.metze01.txt.
  * Drop patch sockets-with-htons.patch; applied upstream.
  * Drop patch CVE-2016-2110-NTLMSSP-regression.patch; fixed upstream.
  * Drop patch s3-smbd-fix-anonymous-authentication-if-signing-is-
    m.patch: fixed upstream.

 -- Jelmer Vernooij <jelmer@debian.org>  Sun, 04 Sep 2016 14:21:35 +0000

I think I am also seeing this same problem. After the December update the issue was manifesting as:
Non-Windows clients (e.g. several iOS apps) were not able to connect to the auto-mounted shares. The OSMC directory worked fine for iOS clients. Windows clients could connect to all shares including the auto-mount (which is probably why a lot of people aren’t noticing this).
My samba logs look like the ones posted here (I can post them if you want, but they look the same) with a signal 11 and smb_panic at the times the non-Windows clients tried to connect.
Commenting out the auto-mount template and manually adding an entry for my external USB drive and everything works again for all clients. This is fine as a workaround for my use cases.
Hopefully this use case can help in identifying the underlying problem.
It’s been very busy around here, but I’ve finally reported this to the Samba maintainers for Debian. I’ll keep you posted as things progress.
Debian 8.7 landed in OSMC’s January update. I didn’t get a chance to check yet, but can someone revert the changes and check that there are still problems?
I’ve applied the January update but unfortunately the issue still persists if usershare template share = automount template in smb.conf is not commented out.
Please help. I have two RPi3’s running in separate rooms and one of them (let’s say RPi#1) has Samba running and a powered external drive attached via USB for sharing media files. After updating to Krypton (on both RPi’s), RPi#2 gets an error (“Software caused connection abort.”) when I try to connect to RPi#1. I enabled Samba on RPi#2 and have no problem connecting to it with RPi#1 or my Windows PC. Any ideas on this?
Not sure if this helps but had the same problems accessing samba shares from another Pi running Samba for the media. I did notice that Zero config would find the shares and add them with Smb:\192.168.31.10:445\share name and I would edit out the :445. This didn’t work for me… as I needed to browse directories within the share. So I set up a network location with smb and just the address and added in the user name and password… to the main server only, thus allowing OSMC to see all the shares on the server and browse them from any field in Kodi that tried to browse via SMB… I did not remove the Template setting in my config…
This leads me to believe one of two things: Zero config is trying to override SMB client requests on startup, or user names and passwords are not being managed properly in the SMB module of OSMC… Just my thoughts. Let me know if you need more info on my setup or testing… I do fresh installs all the time just out of boredom. The OSMC Pi 3b is also the SQL server and hosts Ampache Music server along with phpMyAdmin and Webmin… So it’s taxed pretty hard… The File/Media Pi 4 is the one truly feeding the TV and managing the raw media.