Bug 1027147 - (CVE-2017-2619) VUL-0: CVE-2017-2619: samba: symlink race permits opening files outside share directory
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P2 - High : Major
Target Milestone: ---
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2017-2619:3.8:(AV:L/A...
Depends on: 1036283
Reported: 2017-02-27 23:16 UTC by David Disseldorp
Modified: 2018-11-14 15:52 UTC

Comment 28 Swamp Workflow Management 2017-03-28 19:09:51 UTC
SUSE-SU-2017:0841-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1027147
CVE References: CVE-2017-2619
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    samba-3.6.3-87.1
SUSE Linux Enterprise Server 11-SP4 (src):    samba-3.6.3-87.1, samba-doc-3.6.3-87.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    samba-3.6.3-87.1
Comment 29 Swamp Workflow Management 2017-03-29 19:09:36 UTC
SUSE-SU-2017:0858-1: An update that solves one vulnerability and has 6 fixes is now available.

Category: security (important)
Bug References: 1012092,1019416,1023847,1024416,1027147,993692,993707
CVE References: CVE-2017-2619
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    samba-4.4.2-36.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    samba-4.4.2-36.2
SUSE Linux Enterprise Server 12-SP2 (src):    samba-4.4.2-36.2
SUSE Linux Enterprise High Availability 12-SP2 (src):    samba-4.4.2-36.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    samba-4.4.2-36.2
Comment 30 Swamp Workflow Management 2017-03-29 19:10:51 UTC
SUSE-SU-2017:0859-1: An update that solves one vulnerability and has four fixes is now available.

Category: security (important)
Bug References: 1019416,1024416,1027147,993692,993707
CVE References: CVE-2017-2619
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    samba-4.2.4-28.8.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    samba-4.2.4-28.8.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    samba-4.2.4-28.8.2
SUSE Linux Enterprise Server 12-SP2 (src):    samba-4.2.4-28.8.2
SUSE Linux Enterprise Server 12-SP1 (src):    samba-4.2.4-28.8.2
SUSE Linux Enterprise High Availability 12-SP1 (src):    samba-4.2.4-28.8.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    samba-4.2.4-28.8.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    samba-4.2.4-28.8.2
Comment 31 Swamp Workflow Management 2017-03-29 19:14:43 UTC
SUSE-SU-2017:0862-1: An update that solves one vulnerability and has four fixes is now available.

Category: security (important)
Bug References: 1019416,1024416,1027147,993692,993707
CVE References: CVE-2017-2619
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    samba-4.2.4-18.35.1
SUSE Linux Enterprise Server 12-LTSS (src):    samba-4.2.4-18.35.1
SUSE Linux Enterprise High Availability 12 (src):    samba-4.2.4-18.35.1
Comment 32 Bernhard Wiedemann 2017-04-03 18:00:51 UTC
This is an autogenerated message for OBS integration:
This bug (1027147) was mentioned in
https://build.opensuse.org/request/show/484992 Factory / samba
Comment 33 Swamp Workflow Management 2017-04-05 16:12:52 UTC
openSUSE-SU-2017:0935-1: An update that solves one vulnerability and has four fixes is now available.

Category: security (important)
Bug References: 1019416,1024416,1027147,993692,993707
CVE References: CVE-2017-2619
Sources used:
openSUSE Leap 42.1 (src):    samba-4.2.4-27.1
Comment 34 Swamp Workflow Management 2017-04-05 16:24:25 UTC
openSUSE-SU-2017:0944-1: An update that solves one vulnerability and has 6 fixes is now available.

Category: security (important)
Bug References: 1012092,1019416,1023847,1024416,1027147,993692,993707
CVE References: CVE-2017-2619
Sources used:
openSUSE Leap 42.2 (src):    samba-4.4.2-11.3.1
Comment 35 Bernhard Wiedemann 2017-04-10 16:02:59 UTC
This is an autogenerated message for OBS integration:
This bug (1027147) was mentioned in
https://build.opensuse.org/request/show/487103 Factory / samba
Comment 36 Andreas Stieger 2017-04-26 14:39:35 UTC
upstream regression bug 1036283
https://bugzilla.samba.org/show_bug.cgi?id=12721
Comment 37 Swamp Workflow Management 2017-05-08 19:12:12 UTC
SUSE-SU-2017:1216-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1027147,1036283
CVE References: CVE-2017-2619
Sources used:
SUSE OpenStack Cloud 5 (src):    samba-3.6.3-90.1, samba-doc-3.6.3-90.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    samba-3.6.3-90.1
SUSE Linux Enterprise Server 11-SP4 (src):    samba-3.6.3-90.1, samba-doc-3.6.3-90.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    samba-3.6.3-90.1, samba-doc-3.6.3-90.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    samba-3.6.3-90.1, samba-doc-3.6.3-90.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    samba-3.6.3-90.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    samba-3.6.3-90.1
Comment 38 James McDonough 2017-06-04 23:56:53 UTC
Shipped on all platforms.  Closing.
Comment 42 Swamp Workflow Management 2017-09-21 14:12:44 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-10-05.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63871
Comment 43 Samuel Cabrero 2017-10-18 13:41:50 UTC
Sources for SLE11 SP1 ready. Reassigned to security team.
Comment 44 Marcus Meissner 2017-10-25 19:17:29 UTC
released