Samba 4.8.11 (gzipped)
Signature
Patch (gzipped) against Samba 4.8.10
Signature
==============================
Release Notes for Samba 4.8.11
April 8, 2019
==============================
This is a security release in order to address the following defect:
o CVE-2019-3880 (Save registry file outside share as unprivileged user)
=======
Details
=======
o CVE-2018-14629:
Authenticated users with write permission
can trigger a symlink traversal to write
or detect files outside the Samba share.
For more details and workarounds, please refer to the security advisory.
Changes since 4.8.10:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
SaveKey/RestoreKey.