Custom Query (19868 matches)
Results (121 - 123 of 19868)
Ticket | Owner | Reporter | Resolution | Summary |
---|---|---|---|---|
#11852 | fixed | firefox-66.0.1 | ||
Description |
New point version |
|||
#11857 | fixed | thunderbird-60.6.1 | ||
Description |
New point version. |
|||
#11916 | fixed | Samba-4.10.4 (CVE-2019-3870 CVE-2018-14629 CVE-2019-3880 CVE-2018-16860) | ||
Description |
Emergency security release, a month early. ============================== Release Notes for Samba 4.10.2 April 8, 2019 ============================== This is a security release in order to address the following defects: o CVE-2019-3870 (World writable files in Samba AD DC private/ dir) o CVE-2019-3880 (Save registry file outside share as unprivileged user) ======= Details ======= o CVE-2019-3870: During the provision of a new Active Directory DC, some files in the private/ directory are created world-writable. o CVE-2019-3880: Authenticated users with write permission can trigger a symlink traversal to write or detect files outside the Samba share. For more details and workarounds, please refer to the security advisories. Changes since 4.10.1: --------------------- o Andrew Bartlett <abartlet@samba.org> * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for smbd.mkdir(). o Jeremy Allison <jra@samba.org> * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of SaveKey/RestoreKey. New versions have been made available for 4.8.x and 4.9.x as well (necessitating errata). Upstream has made it clear to update ASAP in multiple different emails on samba-announce, samba, and samba-technical; so this will be done within the next couple days at most. |
Note:
See TracQuery
for help on using queries.