SUSE: 2019:1040-1 Important: Samba Path Traversal Issue

April 25, 2019
This SUSE update, rated important, addresses a path traversal vulnerability in Samba, alongside several other fixes.
An update that solves one vulnerability and has 5 fixes is now available.

Summary

This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out-of-bounds read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put "results_store" into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide by the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependent 32bit libraries.

References

#1114407 #1124223 #1125410 #1126377 #1131060 #1131686

Cross-References: CVE-2019-3880

Affected Products:

SUSE Linux Enterprise Module for Packagehub Subpackages 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Development Tools 15

SUSE Linux Enterprise Module for Desktop Applications 15

SUSE Linux Enterprise Module for Basesystem 15

SUSE Linux Enterprise High Availability 15

https://www.suse.com/security/cve/CVE-2019-3880.html

https://bugzilla.suse.com/1114407

https://bugzilla.suse.com/1124223

https://bugzilla.suse.com/1125410

https://bugzilla.suse.com/1126377

https://bugzilla.suse.com/1131060

https://bugzilla.suse.com/1131686

Severity
important

Announcement ID: SUSE-SU-2019:1040-1
Rating: important
