Univention Bugzilla – Bug 43679
Samba: Multiple issues (3.3)
Last modified: 2017-03-23 13:25:54 CET
+++ This bug was initially created as a clone of Bug #43678 +++

A security update for Samba is planned. Deadline is 2017-03-29.

* Symlink race allows access outside share definition (CVE-2017-2619).

In UCS 3.3 we currently ship Samba 4.3.7. As far as communicated, there will be backports for Samba 4.2 but there has been no mention of backports for 4.3. The 4.2 backports are announced to contain "a large set of supporting fixes".
Created attachment 8561
99_sambabug12387.quilt

Applies

Created attachment 8562
99_sambabug12499.quilt

Applies

Created attachment 8563
99_sambabug12531.quilt

Doesn't apply, due to differing paths and missing functions:

* source3/lib/util_path.c -> source3/lib/util.c
* source3/lib/util_path.h -> source3/include/proto.h
* function canonicalize_absolute_path doesn't exist yet in Samba 4.3.7
* maybe other things.

Maybe we can learn something from the 4-2-total-fix (I'll attach that below).

Created attachment 8564
99_sambabug12546.quilt

Applies

Created attachment 8565
99_sambabug12591.quilt

Applies
Ok, I've fiddled 99_sambabug12531.quilt through git-am and squashed it. I've also sent the patch set for Samba 4.3.13 upstream.

errata3.3-1
Advisory: samba.yaml
Created attachment 8593
git-am fix for 4.3.13 (v3)

I've upstreamed this backported git-am patch series:
https://bugzilla.samba.org/show_bug.cgi?id=12496#c142

Samba has been rebuilt and the advisory is updated.
OK patches
OK update
OK installation
OK ucs install / join
OK win join, logon
OK user sync, password sync
OK shares
OK gpo
OK patches
OK printer
OK YAML
<http://errata.software-univention.de/ucs/3.3/31.html>