Security update for samba (important)

2019-04-10T12:09:08
ID OPENSUSE-SU-2019:1180-1
Type suse
Reporter Suse
Modified 2019-04-10T12:09:08

Description

This update for samba fixes the following issues:

Security issue fixed:

  • CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

  • Out of bound read in ldb_wildcard_compare
  • Hold at most 10 outstanding paged result cookies
  • Put "results_store" into a doubly linked list
  • Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

  • Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
  • Abide to the load_printers parameter in smb.conf (bsc#1124223).

This update was imported from SUSE:SLE-15:Update project.