==============================
Release Notes for Samba 4.9.13
September 03, 2019
==============================

This is a security release in order to address the following defect:

o CVE-2019-10197: Combination of parameters and permissions can allow user
                  to escape from the share path definition.

=======
Details
=======

o  CVE-2019-10197:
   Under certain parameter configurations, when an SMB client accesses a network
   share and the user does not have permission to access the share root
   directory, it is possible for the user to escape from the share to see the
   complete '/' filesystem. Unix permission checks in the kernel are still
   enforced.

Changes since 4.9.12:
---------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
     from the share.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
     from the share.