OPENSUSE-SU-2019:1180-1

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2019-3880
Published: 10 Apr 2019, 05:27
Last modified:04 Feb 2026, 02:39

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

10 Apr 2019, 05:27
Published
Vulnerability first disclosed
04 Feb 2026, 02:39
Last Modified
Vulnerability information updated

Description

Security update for samba This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). This update was imported from SUSE:SLE-15:Update project.

Affected Systems

  • opensuseldb&distro=openSUSE Leap 15.0

    < 1.2.4-lp150.10.1

  • opensusesamba&distro=openSUSE Leap 15.0

    < 4.7.11+git.153.b36ceaf2235-lp150.3.14.1

References (8)