Thank you all for chipping in and helping in the investigation of this
bug. Unfortunately we were not able to pinpoint exactly which upstream
commit fixed the problem, but as it turns out samba has been updated to
4.13.14 in Focal by the Security team, and therefore this bug can be
considered fixed (at least I cannot reproduce it anymore).
samba (2:4.13.14+dfsg-0ubuntu0.20.04.1) focal-security; urgency=medium
* Update to 4.13.14 as a security update (LP: #1950363)
- Removed patches included in new version:
+ CVE-*.patch
+ zerologon*.patch
+ 0023-libsmb-Don-t-try-to-find-posix-stat-info-in-SMBC_get.patch
+ build-Remove-tests-for-getdents-and-getdirentries.patch
+ fix-double-free-with-unresolved-credentia-cache.patch
+ wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
+ wscript-split-function-check-to-one-per-line-and-sor.patch
- Add/Refresh patches from Hirsute package:
+ Rename-mdfind-to-mdsearch.patch
+ bug_221618_precise-64bit-prototype.patch
+ fix-nfs-service-name-to-nfs-kernel-server.patch
- debian/control: bump libldb-dev Build-Depends to 2.2.3, bump
libtalloc to 2.3.1, libtdb to 1.4.3, and libtevent to 0.10.2.
- debian/*.install, debian/*.symbols: sync with Hirsute package, added
libdcerpc-pkt-auth.so.0.
- debian/rules: build with --enable-spotlight, remove --accel-aes as it
is no longer used with gnutls.
- debian/control: add libicu-dev to Build-Depends.
- debian/patches/trusted_domain_regression_fix.patch: fix regression
introduced in 4.13.14.
- CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192
-- Marc Deslauriers <[email protected]> Mon, 01 Nov 2021
07:33:25 -0400
I apologize for the delay in getting back to this. The fact that an
easy workaround was found makes the situation not as dire as it could
have been.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2124
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25717
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25718
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25719
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25721
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25722
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23192
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3738
** Changed in: samba (Ubuntu Focal)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1872476
Title:
Shared files are shown as folders
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1872476/+subscriptions
--
Mailing list: https://launchpad.net/~enterprise-support
Post to : [email protected]
Unsubscribe : https://launchpad.net/~enterprise-support
More help : https://help.launchpad.net/ListHelp
