heitbaum 4c499faaf0 samba: update to 4.13.8
update 4.1.7 (2021-03-24) to 4.18.8 (2021-04-29)
release notes: https://www.samba.org/samba/history/samba-4.13.8.html

==

This is a security release in order to address the following defect:

o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries
  in the Samba file server process token.

=======
Details
=======

o  CVE-2021-20254:
   The Samba smbd file server must map Windows group identities (SIDs) into unix
   group ids (gids). The code that performs this had a flaw that could allow it
   to read data beyond the end of the array in the case where a negative cache
   entry had been added to the mapping cache. This could cause the calling code
   to return those values into the process token that stores the group
   membership for a user.

   Most commonly this flaw caused the calling code to crash, but an alert user
   (Peter Eriksson, IT Department, Linköping University) found this flaw by
   noticing an unprivileged user was able to delete a file within a network
   share that they should have been disallowed access to.

   Analysis of the code paths has not allowed us to discover a way for a
   remote user to be able to trigger this flaw reproducibly or on demand,
   but this CVE has been issued out of an abundance of caution.

Changes since 4.13.7
--------------------

o  Volker Lendecke <vl@samba.org>
   * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids().
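
The failure mode the release notes describe, as a simplified model in C. This is an added example, not Samba's code or the fix for BUG 14571; the types, function names, sample data and the assumption that the over-read comes from two passes disagreeing about which entries need a backend answer are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simplified model; these are not Samba's types. */
enum cache_state { CACHE_MISS, CACHE_HIT, CACHE_NEGATIVE };
#define GID_INVALID ((uint32_t)-1)
struct mapping { enum cache_state state; uint32_t gid; };

/* Constructed sample: one hit, one miss, one negative cache entry. */
static struct mapping sample[3] = {
    { CACHE_HIT, 1000 }, { CACHE_MISS, GID_INVALID }, { CACHE_NEGATIVE, GID_INVALID } };
static const uint32_t sample_results[1] = { 2000 }; /* backend answer for the miss */

/* Pass 1: only true misses are sent to the backend. */
size_t count_backend_requests(const struct mapping *m, size_t n) {
    size_t want = 0;
    for (size_t i = 0; i < n; i++)
        if (m[i].state == CACHE_MISS) want++;
    return want;
}

/* Pass 2 with a mismatched predicate: "gid still invalid" also matches negative
 * entries. Counts reads that would fall past the results array; performs none. */
size_t flawed_overread_count(const struct mapping *m, size_t n, size_t n_results) {
    size_t next = 0, over = 0;
    for (size_t i = 0; i < n; i++)
        if (m[i].gid == GID_INVALID && next++ >= n_results) over++;
    return over;
}

/* Pass 2 hardened: same predicate as pass 1 and a bounds check before each
 * read. Returns 0 on success, -1 if the two passes disagree. */
int merge_backend_results(struct mapping *m, size_t n, const uint32_t *res, size_t n_res) {
    size_t next = 0;
    for (size_t i = 0; i < n; i++) {
        if (m[i].state != CACHE_MISS) continue; /* hits and negatives untouched */
        if (next >= n_res) return -1;           /* never index past the array */
        m[i].gid = res[next++];
    }
    return next == n_res ? 0 : -1;
}

int main(void) {
    size_t want = count_backend_requests(sample, 3);
    size_t over = flawed_overread_count(sample, 3, want);
    int rc = merge_backend_results(sample, 3, sample_results, want);
    printf("requested=%zu flawed_overreads=%zu merge=%d\n", want, over, rc);
}
```

In the model, the negative entry keeps an invalid gid after the hardened merge, so no stray value can reach the group list built from the mappings.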

LibreELEC

LibreELEC is a 'Just enough OS' Linux distribution for the award-winning Kodi software on popular mediacentre hardware. Further information on the project can be found on the LibreELEC website.

Issues & Support

Please ask questions in the LibreELEC forum: Help & Support or ask a member of project staff in the #libreelec IRC channel on Freenode. Please report bugs via GitHub Issues.

Donations

Contributions towards current project funding goals can be sent via PayPal to donations@libreelec.tv

License

LibreELEC original code is released under GPLv2.

Copyright

As LibreELEC includes code from many upstream projects it has many copyright owners; notably OpenELEC which we forked from after disagreeing with project direction and management, and OpenBricks/GeeXboX the uncredited source of the original 2009 build system. LibreELEC makes no claim of copyright on any upstream code. However, all original LibreELEC authored code is copyright LibreELEC.tv. Patches to upstream code have the same license as the upstream project unless specified otherwise. For a complete copyright list please check out the source code to examine license headers.

Unless expressly stated otherwise all code submitted to the LibreELEC project (in any form) is licensed under GPLv2 and copyright is donated to the project. This approach gives the project freedom to maintain the code without the overhead of preserving contact with every submitter, e.g. GPLv3.

You are free to retain copyright by adding your copyright header to each submitted code page. If you submit code that is not your own work it is your responsibility to place a header stating the copyright.
