Security update for samba
This update for samba fixes the following issues:
Security issues fixed:
- CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147).
Bugfixes:
- Force usage of ncurses6-config thru NCURSES_CONFIG env var (bsc#1023847).
- Add missing ldb module directory (bsc#1012092).
- Don't package man pages for VFS modules that aren't built (bsc#993707).
- sync_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).
- Document "winbind: ignore domains" parameter; (bsc#1019416).
- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
James McDonough (jmcdough)
Fixed bugs
bnc#993707
Samba rpm includes man pages for VFS modules which aren't packaged
bnc#1023847
Samba still links (deprecated) libncurses.so.5
bnc#1012092
net ads join: unable to stat module /usr/lib64/samba/ldb : No such file or directory
bnc#1027147
VUL-0: CVE-2017-2619: samba: symlink race permits opening files outside share directory
bnc#1024416
samba/winbind high utilization, request for samba.org bugfix 12105
bnc#1019416
"winbind:ignore domains" is a valid parameter for smb.conf but is not documented in the man page
bnc#993692
custom app segfaults due to winbindd_free_response creating a core
