File _patchinfo of Package patchinfo.12643

<patchinfo incident="12643">
  <issue tracker="bnc" id="1148539">Fix printing via smbspool backend with kerberos auth - Backport from tumbleweed</issue>
  <issue tracker="bnc" id="1152143">username/password authentication doesn't work with CUPS and smbspool</issue>
  <issue tracker="bnc" id="1154598">VUL-1: EMBARGOED: CVE-2019-14847: samba: dirsync / ranged_results crash</issue>
  <issue tracker="bnc" id="1144902">VUL-0: EMBARGOED: CVE-2019-10218: samba: Samba servers can inject relative paths in directory entry lists</issue>
  <issue tracker="bnc" id="1154289">VUL-0: EMBARGOED: CVE-2019-14833: samba: Accent with "check script password"y entry lists</issue>
  <issue tracker="cve" id="2019-14847"></issue>
  <issue tracker="cve" id="2019-10218"></issue>
  <issue tracker="cve" id="2019-14833"></issue>
  <packager>npower</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for samba</summary>
  <description>This update for provides the following fixes:

Following security issues were fixed:

- CVE-2019-14847: User with "get changes" permission could have crashed AD DC LDAP server via dirsync (bsc#1154598).
- CVE-2019-10218: Client code could have returned filenames containing path separators (bsc#1144902).
- CVE-2019-14833: Accent with "check script password" where Samba AD DC check password script did not receive the full password (bsc#1154289).

Also following non-security issues were fixed:

- Fix auth problems when printing via smbspool backend with kerberos. (bsc#1148539)
- Fix broken username/password authentication with CUPS and smbspool. (bsc#1152143)
</description>
</patchinfo>