*** This bug is a security vulnerability *** Private security bug reported:
samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium * SECURITY UPDATE: restricted share escape by user - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate out impersonation debug info into a new function. - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we reset current_user.{need,done}_chdir in become_root() - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make fsrvp_share its own independent subdirectory - debian/patches/CVE-2019-10197-05-v4-10.patch: test_smbclient_s3.sh: add regression test for the no permission on share root problem - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split change_to_user_impersonate() out of change_to_user_internal() - CVE-2019-10197 -- Steve Beattie <sbeat...@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700 ** Affects: samba Importance: Unknown Status: Unknown ** Affects: samba (Ubuntu) Importance: Undecided Assignee: Bryce Harrington (bryce) Status: In Progress ** Bug watch added: Samba Bugzilla #14035 https://bugzilla.samba.org/show_bug.cgi?id=14035 ** Also affects: samba via https://bugzilla.samba.org/show_bug.cgi?id=14035 Importance: Unknown Status: Unknown ** Information type changed from Public to Private Security ** Changed in: samba (Ubuntu) Status: New => In Progress ** Changed in: samba (Ubuntu) Assignee: (unassigned) => Bryce Harrington (bryce) ** Summary changed: - CVE-2019-10197 + CVE-2019-10197 restricted share escape by user -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1842533 Title: CVE-2019-10197 restricted share escape by user To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1842533/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs