ELA-104-1 samba security update

disable Windows registry service RPC API

Packagesamba
Version2:3.6.6-6+deb7u19
Related CVE CVE-2019-3880

A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could have used this flaw to create a new registry hive file anywhere they had unix permissions which could have lead to creation of a new file in the Samba share.

For Debian 7 Wheezy, these problems have been fixed in version 2:3.6.6-6+deb7u19.

We recommend that you upgrade your samba packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/