Custom Query (19868 matches)

New point version

New point version.

Emergency security release, a month early.

                   ==============================
                   Release Notes for Samba 4.10.2
                           April 8, 2019
                   ==============================


This is a security release in order to address the following defects:

o  CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
o  CVE-2019-3880 (Save registry file outside share as unprivileged user)


=======
Details
=======

o  CVE-2019-3870:
   During the provision of a new Active Directory DC, some files in the private/
   directory are created world-writable.

o  CVE-2019-3880:
   Authenticated users with write permission can trigger a symlink traversal to
   write or detect files outside the Samba share.

For more details and workarounds, please refer to the security advisories.


Changes since 4.10.1:
---------------------

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for
     smbd.mkdir().

o  Jeremy Allison <jra@samba.org>
   * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
     SaveKey/RestoreKey.

New versions have been made available for 4.8.x and 4.9.x as well (necessitating errata). Upstream has made it clear to update ASAP in multiple different emails on samba-announce, samba, and samba-technical; so this will be done within the next couple days at most.