Overview Repositories Revisions Requests Users Attributes Meta
Security update for samba

This update for samba fixes the following issues:

Security issues fixed:

- CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync (bsc#1154598).
- CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902).
- CVE-2019-14833: Fixed Accent with "check script password" where the Samba AD DC check password script does not receive the full password (bsc#1154289).

Other issues fixed:

- Fix vfs_ceph realpath (bsc#1134452).
- MacOS credit accounting breaks with async SESSION SETUP (bsc#1125601).
- Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection
- Explicitly enable libcephfs POSIX ACL support (bsc#1130245).
- Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153).
This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1154289
VUL-0: EMBARGOED: CVE-2019-14833: samba: Accent with "check script password"
bnc#1130245
L3-Question: Samba vfs object ceph and extended ACLs
bnc#1134452
Samba vfs_ceph uses wrong directory for realpath call
bnc#1154598
VUL-1: EMBARGOED: CVE-2019-14847: samba: dirsync / ranged_results crash
bnc#1144902
VUL-0: EMBARGOED: CVE-2019-10218: samba: Samba servers can inject relative paths in directory entry lists
bnc#1125601
shares not visible after patching
bnc#1127153
Samba vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate
CVE-2019-14847
CVE-2019-10218
CVE-2019-14833
Selected Binaries
openSUSE Build Service is sponsored by
Places