From 1f1bc3e8f3487ffd5654b62d9666c26b12669a54 Mon Sep 17 00:00:00 2001 From: timur Date: Sat, 25 Mar 2017 00:01:54 +0000 Subject: Add entry about Samba vulnerability CVE-2017-2619 Security: CVE-2017-2619 --- security/vuxml/vuln.xml | 56 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b858adcc5414..a70a39ff9570 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,62 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + samba -- symlink race allows access outside share definition + + + samba36 + 3.6.03.6.25_4 + + + samba4 + 4.0.04.0.26 + + + samba41 + 4.1.04.1.23 + + + samba42 + 4.2.04.2.14 + + + samba43 + 4.3.04.3.13 + + + samba44 + 4.4.04.4.12 + + + samba45 + 4.5.04.5.7 + + + samba46 + 4.6.04.6.1 + + + + +

Samba team reports:

+
+

A time-of-check, time-of-use race condition + can allow clients to access non-exported parts + of the file system via symlinks.

+
+ +
+ + https://www.samba.org/samba/security/CVE-2017-2619.html + CVE-2017-2619 + + + 2017-03-23 + 2017-03-24 + +
+ xen-tools -- Cirrus VGA Heap overflow via display refresh -- cgit
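Review bot: The upper bounds in the samba36 through samba46 ranges of the new entry are not all the same kind of value: samba36 ends at a port revision (3.6.25_4) while the others end at plain upstream versions (4.0.26, 4.1.23, 4.2.14, 4.3.13, 4.4.12, 4.5.7, 4.6.1), and the range operators are not visible in this rendering. Please confirm that each bound uses the operator that matches its meaning: an exclusive bound where the value is the first fixed package version, an inclusive one where it is the last vulnerable version. The wrong choice either keeps flagging a fixed package or misses a vulnerable one. The context comment above the entry says "Do not forget port variants", so also check that no Samba port variant is missing from the package list. The commit message gives only the CVE number; a line stating which of these ports already carry the fix would let a reader verify the bounds without opening each port.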