Path to this page:
Subject: CVS commit: pkgsrc/net/samba4
From: Adam Ciarcinski
Date: 2019-04-08 20:35:59
Message id: 20190408183559.3DB56FB16@cvs.NetBSD.org
Log Message:
samba4: updated to 4.10.2
Release Notes for Samba 4.10.2
This is a security release in order to address the following defects:
o CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
o CVE-2019-3880 (Save registry file outside share as unprivileged user)
Details
o CVE-2019-3870:
During the provision of a new Active Directory DC, some files in the private/
directory are created world-writable.
o CVE-2019-3880:
Authenticated users with write permission can trigger a symlink traversal to
write or detect files outside the Samba share.
For more details and workarounds, please refer to the security advisories.
Changes since 4.10.1:
* BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for
smbd.mkdir().
* BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
SaveKey/RestoreKey.
Files: