[ubuntu/disco-security] samba 2:4.10.0+dfsg-0ubuntu2.4 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Tue Sep 3 20:15:10 UTC 2019

samba (2:4.10.0+dfsg-0ubuntu2.4) disco-security; urgency=medium

  * SECURITY UPDATE: restricted share escape by user
    - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
      out impersonation debug info into a new function.
    - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
      change_to_user_internal() always resets current_user.done_chdir
    - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
      reset current_user.{need,done}_chdir in become_root()
    - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
      fsrvp_share its own independent subdirectory
    - debian/patches/CVE-2019-10197-05-v4-10.patch:
      test_smbclient_s3.sh: add regression test for the no permission
      on share root problem
    - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
      change_to_user_impersonate() out of change_to_user_internal()
    - CVE-2019-10197

samba (2:4.10.0+dfsg-0ubuntu2.3) disco; urgency=medium

  * CTDB enablement for NFS HA (LP: #722201) and needed fixes:
    - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: do not try to
      start daemon without /etc/ctdb/nodes.
    - d/rules: installing provided config examples and helper scripts.
    - Examples of NFS HA CTDB config files + helper script:
      + d/ctdb.example.enable.nfs.sh
      + d/ctdb.example.nfs-common
      + d/ctdb.example.nfs-kernel-server
      + d/ctdb.example.services
      + d/ctdb.example.sysctl-nfs-static-ports.conf
    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service
      name from nfs to nfs-kernel-server.
    - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fix
      tcp_tw_recycle existence check.
  * Allow proper ctdb initalization (LP: #1828799):
    - d/ctdb.dirs: added /var/lib/ctdb/* directories
    - d/ctdb.postrm: remove leftovers from
  * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
    to allow pid file to exist (LP: #1821775)

Date: 2019-09-03 16:15:16.315698+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Disco-changes mailing list