Bug 43681

Summary: Samba: Multiple issues (4.2)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Arvid Requate <requate>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: normal    
Priority: P1 Keywords: interim-4
Version: UCS 4.2   
Target Milestone: UCS 4.2   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=42045
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on: 42045    
Bug Blocks: 43678    

Description Arvid Requate univentionstaff 2017-03-01 11:43:16 CET 
+++ This bug was initially created as a clone of Bug #43678 +++

A security update for Samba is planned. Deadline is 2017-03-29.

* Symlink race allows access outside share definition (CVE-2017-2619).

Release of Samba 4.6.0 is scheduled for March 7. The actual security update will be 4.6.1.
Comment 1 Arvid Requate univentionstaff 2017-03-23 13:20:32 CET 
I've updated out Samba source package to 4.6.1 and built it in UCS 4.2. Update worked.
Comment 2 Felix Botner univentionstaff 2017-03-24 12:26:07 CET 
OK - samba 2:4.6.1-1A~4.2.0.201703231239
OK - Installation
OK - changelog
Comment 3 Stefan Gohmann univentionstaff 2017-04-04 18:29:06 CEST 
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".