Univention Bugzilla – Bug 43679
Samba: Multiple issues (3.3)
Last modified: 2017-03-23 13:25:54 CET
+++ This bug was initially created as a clone of Bug #43678 +++
A security update for Samba is planned. Deadline is 2017-03-29.
* Symlink race allows access outside share definition (CVE-2017-2619).
In UCS 3.3 we currently ship Samba 4.3.7.
As far as communicated, there will be backports for Samba 4.2 but there has been no mention of backports for 4.3. The 4.2 backports are announced to contain "a large set of supporting fixes".
Created attachment 8561
Created attachment 8562
Created attachment 8563
Doesn't apply, due to differing paths and missing functions:
* source3/lib/util_path.c -> source3/lib/util.c
* source3/lib/util_path.h -> source3/include/proto.h
* function canonicalize_absolute_path doesn't exist yet in Samba 4.3.7
* maybe other things.
Maybe we can learn something from the 4-2-total-fix (I'll attach that below).
Created attachment 8564
Created attachment 8565
Ok, I've fiddled 99_sambabug12531.quilt through git-am and squashed it.
I've also sent the patch set for Samba 4.3.13 upstream.
errata3.3-1 Advisory: samba.yaml
Created attachment 8593
git-am fix for 4.3.13 (v3)
I've upstreamed this backported git-am patch series:
Samba has been rebuilt and the advisory is updated.
OK ucs install / join
OK win join, logon
OK user sync, password sync