samba (2:4.3.11+dfsg-0ubuntu0.16.04.23) xenial-security; urgency=medium
* SECURITY UPDATE: client code can return filenames containing path
separators
- debian/patches/CVE-2019-10218-1.patch: protect SMB1 client code
from evil server returned names in source3/libsmb/clilist.c,
source3/libsmb/proto.h.
- debian/patches/CVE-2019-10218-2.patch: Protect SMB2 client code
from evil server returned names in source3/libsmb/cli_smb2_fnum.c.
- CVE-2019-10218
* SECURITY UPDATE: User with "get changes" permission can crash AD DC
LDAP server via dirsync
- debian/patches/CVE-2019-14847-1.patch: ensure attrs exist in
source4/dsdb/samdb/ldb_modules/dirsync.c.
- debian/patches/CVE-2019-14847-2.patch: demonstrate the correct
interaction of ranged_results style attributes and dirsync in
source4/dsdb/tests/python/dirsync.py.
- debian/patches/CVE-2019-14847-3.patch: correct behaviour of
ranged_results when combined with dirsync in
source4/dsdb/samdb/ldb_modules/dirsync.c,
source4/dsdb/samdb/ldb_modules/ranged_results.c.
- CVE-2019-14847
Date: 2019-10-21 15:12:42.876140+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.23
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes