Security update for samba (important)

ID OPENSUSE-SU-2019:2442-1
Type suse
Reporter Suse
Modified 2019-11-05T21:17:22


This update for provides the following fixes:

Following security issues were fixed:

  • CVE-2019-14847: User with "get changes" permission could have crashed AD DC LDAP server via dirsync (bsc#1154598).
  • CVE-2019-10218: Client code could have returned filenames containing path separators (bsc#1144902).
  • CVE-2019-14833: Accent with "check script password" where Samba AD DC check password script did not receive the full password (bsc#1154289).

Also following non-security issues were fixed:

  • Fix auth problems when printing via smbspool backend with kerberos. (bsc#1148539)
  • Fix broken username/password authentication with CUPS and smbspool. (bsc#1152143)

This update was imported from the SUSE:SLE-15-SP1:Update update project.