SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2868

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2868

Security update for samba

Type: security

Severity: important

Issued: 2019-10-30

Description:

This update for samba fixes the following issues:

Security issues fixed:

- CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync (bsc#1154598).
- CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902).
- CVE-2019-14833: Fixed Accent with "check script password" where the Samba AD DC check password script does not receive the full password (bsc#1154289).

Other issues fixed:

- Fix vfs_ceph realpath (bsc#1134452).
- MacOS credit accounting breaks with async SESSION SETUP (bsc#1125601).
- Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection
- Explicitly enable libcephfs POSIX ACL support (bsc#1130245).
- Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153).

References

CVE: CVE-2019-14847
CVE: CVE-2019-14833
CVE: CVE-2019-10218
Bugzilla: 1154598 VUL-1: EMBARGOED: CVE-2019-14847: samba: dirsync / ranged_results crash
Bugzilla: 1154289 VUL-0: EMBARGOED: CVE-2019-14833: samba: Accent with "check script password"
Bugzilla: 1144902 VUL-0: EMBARGOED: CVE-2019-10218: samba: Samba servers can inject relative paths in directory entry lists
Bugzilla: 1134452 Samba vfs_ceph uses wrong directory for realpath call
Bugzilla: 1130245 L3-Question: Samba vfs object ceph and extended ACLs
Bugzilla: 1127153 Samba vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate
Bugzilla: 1125601 shares not visible after patching

Packages

samba-4.7.11+git.186.d75219614c3-4.30.1