Ubuntu
samba package

  1. Bug #1842533
  2. Activity log

Activity log for bug #1842533

Date Who What changed Old value New value Message
2019-09-04 02:28:18 Bryce Harrington bug added bug
2019-09-04 02:28:40 Bryce Harrington bug watch added https://bugzilla.samba.org/show_bug.cgi?id=14035
2019-09-04 02:28:40 Bryce Harrington bug task added samba
2019-09-04 02:28:49 Bryce Harrington information type Public Private Security
2019-09-04 02:29:08 Bryce Harrington bug added subscriber Steve Beattie
2019-09-04 02:29:18 Bryce Harrington samba (Ubuntu): status New In Progress
2019-09-04 02:29:26 Bryce Harrington samba (Ubuntu): assignee Bryce Harrington (bryce)
2019-09-04 02:30:25 Bryce Harrington summary CVE-2019-10197 CVE-2019-10197 restricted share escape by user
2019-09-04 02:58:34 Bryce Harrington description samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium * SECURITY UPDATE: restricted share escape by user - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate out impersonation debug info into a new function. - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we reset current_user.{need,done}_chdir in become_root() - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make fsrvp_share its own independent subdirectory - debian/patches/CVE-2019-10197-05-v4-10.patch: test_smbclient_s3.sh: add regression test for the no permission on share root problem - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split change_to_user_impersonate() out of change_to_user_internal() - CVE-2019-10197 -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700 samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium   * SECURITY UPDATE: restricted share escape by user     - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate       out impersonation debug info into a new function.     - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that       change_to_user_internal() always resets current_user.done_chdir     - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we       reset current_user.{need,done}_chdir in become_root()     - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make       fsrvp_share its own independent subdirectory     - debian/patches/CVE-2019-10197-05-v4-10.patch:       test_smbclient_s3.sh: add regression test for the no permission       on share root problem     - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split       change_to_user_impersonate() out of change_to_user_internal()     - CVE-2019-10197  -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700 A PPA build with this patch is available from the security team at: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages I've also uploaded it to my own PPA here, to doublecheck the build: https://launchpad.net/~bryce/+archive/ubuntu/samba-cve-2019-10197/+packages
2019-09-04 04:19:37 Bryce Harrington information type Private Security Public Security
2019-09-04 16:45:54 Bryce Harrington samba (Ubuntu): status In Progress Fix Committed
2019-09-04 18:57:40 Launchpad Janitor samba (Ubuntu): status Fix Committed Fix Released
2019-09-04 18:57:40 Launchpad Janitor cve linked 2019-10197