[ubuntu/groovy-updates] samba 2:4.12.5+dfsg-3ubuntu4.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Nov 2 15:28:34 UTC 2020
samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
Date: 2020-10-28 11:52:17.424275+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/samba/2:4.12.5+dfsg-3ubuntu4.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Groovy-changes
mailing list