[ubuntu/eoan-updates] samba 2:4.10.7+dfsg-0ubuntu2.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Oct 29 12:28:35 UTC 2019
samba (2:4.10.7+dfsg-0ubuntu2.2) eoan-security; urgency=medium
* SECURITY UPDATE: client code can return filenames containing path
separators
- debian/patches/CVE-2019-10218-1.patch: protect SMB1 client code
from evil server returned names in source3/libsmb/clilist.c,
source3/libsmb/proto.h.
- debian/patches/CVE-2019-10218-2.patch: Protect SMB2 client code
from evil server returned names in source3/libsmb/cli_smb2_fnum.c.
- CVE-2019-10218
* SECURITY UPDATE: Samba AD DC check password script does not receive the
full password
- debian/patches/CVE-2019-14833-1.patch: use utf8 characters in the
unacceptable password in selftest/target/Samba4.pm.
- debian/patches/CVE-2019-14833-2.patch: send full password to check
password script in source4/dsdb/common/util.c.
- CVE-2019-14833
* SECURITY UPDATE: User with "get changes" permission can crash AD DC
LDAP server via dirsync
- debian/patches/CVE-2019-14847-1.patch: ensure attrs exist in
source4/dsdb/samdb/ldb_modules/dirsync.c.
- debian/patches/CVE-2019-14847-2.patch: demonstrate the correct
interaction of ranged_results style attributes and dirsync in
source4/dsdb/tests/python/dirsync.py.
- debian/patches/CVE-2019-14847-3.patch: correct behaviour of
ranged_results when combined with dirsync in
source4/dsdb/samdb/ldb_modules/dirsync.c,
source4/dsdb/samdb/ldb_modules/ranged_results.c.
- CVE-2019-14847
Date: 2019-10-21 14:17:25.663975+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list