Bugzilla – Bug 1212375
Some Samba Veto Files Stopped Working after Upgrading to Leap 15.5
Last modified: 2024-02-27 12:30:30 UTC
After upgrading from Leap 15.4 to Leap 15.5, Samba's "veto files" stopped working correctly. Sample smb.conf: [Samba-Share] path = /local/samba-share writable = yes guest ok = yes create mask = 0777 directory mask = 0777 veto files = /.*/ I can see the shared "Samba-Share" folder, but I can't access it if I'm at the server's root. If I put something else in "veto files" like: veto files = /.sh/ Then it works. I have the following Samba version: 4.17.7+git.330.4057cd7a27a-150500.1.2 on x86_64.
I see content isn't accessible with the specified veto setting need to check what has changed here, I'd suspect the veto code must somehow have changed and now probably matches the special '.' file and filters it (and the share directory out) will try to look into it (need to check old version and find associated code)
https://bugzilla.samba.org/show_bug.cgi?id=15360
Thanks Noel. I searched on-line, but didn't look at Samba's website. Looks like a fix is in the works or it is already "resolved."
Released.
SUSE-SU-2023:2929-1: An update that solves six vulnerabilities and has two security fixes can now be installed. Category: security (important) Bug References: 1212375, 1213170, 1213171, 1213172, 1213173, 1213174, 1213384, 1213386 CVE References: CVE-2020-25720, CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968 Sources used: openSUSE Leap 15.5 (src): samba-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 Basesystem Module 15-SP5 (src): samba-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 SUSE Linux Enterprise High Availability Extension 15 SP5 (src): samba-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.