group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #14473
[Bug 1701073] Re: CVE-2017-2619 regression breaks symlinks to directories
This bug was fixed in the package samba - 2:4.3.11+dfsg-0ubuntu0.14.04.9
---------------
samba (2:4.3.11+dfsg-0ubuntu0.14.04.9) trusty-security; urgency=medium
[ Andreas Hasenack ]
* d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
regression which breaks symlinks to directories on certain systems
(LP: #1701073)
[ Marc Deslauriers ]
* SECURITY UPDATE: DoS via bad symlink resolution
- debian/patches/CVE-2017-9461.patch: properly handle dangling symlinks
in source3/smbd/open.c.
- CVE-2017-9461
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Tue, 04 Jul 2017
08:01:55 -0400
** Changed in: samba (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9461
** Changed in: samba (Ubuntu Xenial)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1701073
Title:
CVE-2017-2619 regression breaks symlinks to directories
Status in samba:
Unknown
Status in samba package in Ubuntu:
Fix Released
Status in samba source package in Xenial:
Fix Released
Status in samba source package in Yakkety:
In Progress
Status in samba source package in Zesty:
In Progress
Bug description:
Found in current version in Xenial (4.3.11+dfsg-0ubuntu0.16.04.7).
When share's path is '/', symlinks do not work properly from Windows
client. Gives "Cannot Access" error.
To reproduce:
1. Install samba and related dependencies
apt install -y samba
2. Add a share at the end of the default file that uses '/' as the
path:
[reproducer]
comment = share
browseable = no
writeable = yes
create mode = 0600
directory mode = 0700
path = /
3. Attempt to access a symlink somewhere within the path of the share
with a Windows client.
4. Receive "Windows cannot access..." related error
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1701073/+subscriptions