enterprise-support team mailing list archive

Thread
Date

[Bug 1701073] Re: CVE-2017-2619 regression breaks symlinks to directories

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1701073@xxxxxxxxxxxxxxxxxx>
Date: Wed, 05 Jul 2017 17:33:15 -0000
Reply-to: Bug 1701073 <1701073@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package samba - 2:4.3.11+dfsg-0ubuntu0.14.04.9

---------------
samba (2:4.3.11+dfsg-0ubuntu0.14.04.9) trusty-security; urgency=medium

  [ Andreas Hasenack ]
  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via bad symlink resolution
    - debian/patches/CVE-2017-9461.patch: properly handle dangling symlinks
      in source3/smbd/open.c.
    - CVE-2017-9461

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 04 Jul 2017
08:01:55 -0400

** Changed in: samba (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9461

** Changed in: samba (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1701073

Title:
  CVE-2017-2619 regression breaks symlinks to directories

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1701073/+subscriptions

References

[Bug 1701073] [NEW] CVE-2017-2619 regression breaks symlinks
From: Dave Kettmann, 2017-06-28