Debdiff for Xenial. ** Description changed:
- The fix for bug #11395 / CVE-2015-5252 + [Impact] + + * User is denied access when trying to access a share "/" + + [Test Case] + + * Setup a Samba server + + * Add a share with path "/" + + * Try to access the share + + [Regression Potential] + + * This has been introduced upstream by security patch CVE-2015-5252. + + * It has been already fixed upstream. + + * This is just a backport of the fix. + + [Other Info] + + * Original bug description: + + The fix for bug #11395 / CVE-2015-5252 https://git.samba.org/?p=samba.git;a=commitdiff;h=7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d locked down the path checks in check_reduced_name[_with_privilege]() to prevent unintended access via wide links. The new checks do not correctly treat a corner case though: the case of the share path being "/". (Important e.g. for using the glusterfs VFS module.) In this case all operations after tree connect get ACCESS_DENIED. ** Patch added: "xenial_samba_4.3.3+dfsg-1ubuntu2.debdiff" https://bugs.launchpad.net/samba/+bug/1545750/+attachment/4572180/+files/xenial_samba_4.3.3+dfsg-1ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1545750 Title: Access denied if the share path is "/" To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1545750/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
