Samba 4.11.5 – 4.10.12 and 4.9.18 Security Releases

The developers of the popular open-source file server and domain controller for Linux have published a security release for the current branches. The details can be found in:

  • CVE-2019-14902 (Replication of ACLs set to inherit down a subtree on AD Directory not automatic)
  • CVE-2019-14907 (Crash after failed character conversion at log level 3 or above)
  • CVE-2019-19344 (Use after free during DNS zone scavenging in Samba AD DC)

Samba 4.11.5 – 4.10.12 – 4.9.18 Release Notes

  • CVE-2019-14902: The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a ‘full-sync’ replication, ACLs could get out of sync between domain controllers.
  • CVE-2019-14907: When processing untrusted string input Samba can read past the end of the allocated buffer when printing a “Conversion error” message to the logs.
  • CVE-2019-19344: During DNS zone scavenging (of expired dynamic entries) there is a read of memory after it has been freed.
  • Andrew Bartlett
    • BUG 12497: CVE-2019-14902: Replication of ACLs down subtree on AD Directory not automatic.
    • BUG 14208: CVE-2019-14907: lib/util: Do not print the failed to convert string into the logs.
  • Gary Lockyer
    • BUG 14050: CVE-2019-19344: kcc dns scavenging: Fix use after free in dns_tombstone_records_zone.
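
The following check is an added example, not part of the Samba release notes or the Samba project's code. It compares a reported version string with the fixed releases named above and flags the CVE-2019-14907 condition (log level 3 or above) from smb.conf text. The function names and the sample configuration are constructed, and treating any per-class level of 3 or more as relevant is a conservative assumption.

```python
import re

# Fixed releases named in this announcement, keyed by (major, minor) branch.
FIXED_PATCH = {(4, 11): 5, (4, 10): 12, (4, 9): 18}

def parse_version(text):
    """Extract the upstream (major, minor, patch) from e.g. 'Version 4.10.11-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def release_status(version_text):
    """Classify a version against the fixed releases listed on this page.

    Distribution packages may backport fixes without changing the upstream
    number, so 'vulnerable' here means 'older than the upstream fix'.
    """
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "unknown-branch"  # branch not covered by this announcement
    return "patched" if patch >= fixed else "vulnerable"

def max_log_level(smb_conf_text):
    """Highest level set by 'log level' (or its synonym 'debuglevel'); default 0."""
    level = 0
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or section header
        key, value = line.split("=", 1)
        # smb.conf ignores case and whitespace inside parameter names.
        if re.sub(r"\s+", "", key).lower() not in ("loglevel", "debuglevel"):
            continue
        # Value looks like '3 passdb:5 auth:10'; take the highest number seen.
        found = re.findall(r"(?:^|[\s,])(?:\w+:)?(\d+)", value.strip())
        level = max((int(n) for n in found), default=0)  # later setting wins
    return level

def exposed_to_cve_2019_14907(version_text, smb_conf_text):
    """True when the release predates the fix and logging runs at level 3 or above."""
    return (release_status(version_text) == "vulnerable"
            and max_log_level(smb_conf_text) >= 3)

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = "[global]\n  workgroup = EXAMPLE\n  ; log level = 10\n  Log Level = 1 auth:3\n"
```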


