SAMBA+ Security Releases: 4.10.2, 4.9.6 and 4.8.11 packages available

SAMBA+ 4.10.2, 4.9.6 and 4.8.11 packages have just been released by SerNet. These are important security releases, please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.

The packages address the following issues:

  • CVE-2019-3870 World writable files in Samba AD DC private/ dir
    During the provision of a new Active Directory DC, some files in the private/ directory are created world-writable. SAMBA+ creates the private/ directory with limited permissions. By default the files can only be accessed by privileged users.
  • CVE-2019-3880 Save registry file outside share as unprivileged user
    Authenticated users with write permission can trigger a symlink traversal to write or detect files outside the Samba share.

Samba 4.10.2 and 4.9.6 address all CVEs listed above. Samba 4.8.11 addresses CVE-2019-3880, only.

SAMBA+ packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed at our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.

Newsletter

SerNet's Samba newsletter informs you about all important developments and events with its main focus on new packages.

+ subscribe to Newsletter

SAMBA+ Shop

Buy and manage software subscriptions. SAMBA+ subscriptions are available for one, two and three years at the SAMBA+ shop.

+ visit the shop

Deutsche Sprachelangue francaisEnglish language