group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1701073] Re: CVE-2017-2619 regression breaks symlinks to directories

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1701073@xxxxxxxxxxxxxxxxxx>
Date: Tue, 22 Aug 2017 19:42:43 -0000
Reply-to: Bug 1701073 <1701073@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package samba - 2:4.6.7+dfsg-1ubuntu1

---------------
samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1710281).
    - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
      symlinks to directories (LP: #1701073)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Mon, 21 Aug 2017 17:27:08
-0300

** Changed in: samba (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1701073

Title:
  CVE-2017-2619 regression breaks symlinks to directories

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Xenial:
  Fix Released
Status in samba source package in Yakkety:
  Fix Released
Status in samba source package in Zesty:
  Fix Released

Bug description:
  Found in current version in Xenial (4.3.11+dfsg-0ubuntu0.16.04.7).
  When share's path is '/', symlinks do not work properly from Windows
  client. Gives "Cannot Access" error.

  To reproduce:

  1. Install samba and related dependencies

  apt install -y samba

  2. Add a share at the end of the default file that uses '/' as the
  path:

  [reproducer]
          comment = share
          browseable = no
          writeable = yes
          create mode = 0600
          directory mode = 0700
          path = /

  3. Attempt to access a symlink somewhere within the path of the share
  with a Windows client.

  4. Receive "Windows cannot access..." related error

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1701073/+subscriptions