The developers of the popular open-source file server and domain controller for Linux have published a security release for the current branches. The details can be found in:
- CVE-2019-14902 (Replication of ACLs set to inherit down a subtree on AD Directory not automatic)
- CVE-2019-14907 (Crash after failed character conversion at log level 3 or above)
- CVE-2019-19344 (Use after free during DNS zone scavenging in Samba AD DC)
Samba 4.11.5 – 4.10.12 – 4.9.18 Release Notes
- CVE-2019-14902: The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a ‘full-sync’ replication, ACLs could get out of sync between domain controllers.
- CVE-2019-14907: When processing untrusted string input Samba can read past the end of the allocated buffer when printing a “Conversion error” message to the logs.
- CVE-2019-19344: During DNS zone scavenging (of expired dynamic entries) there is a read of memory after it has been freed.
- Andrew Bartlett <abartlet@samba.org>
  - BUG 12497: CVE-2019-14902: Replication of ACLs down subtree on AD Directory not automatic.
  - BUG 14208: CVE-2019-14907: lib/util: Do not print the failed to convert string into the logs.
- Gary Lockyer <gary@catalyst.net.nz>
  - BUG 14050: CVE-2019-19344: kcc dns scavenging: Fix use after free in dns_tombstone_records_zone.
Source: https://www.samba.org/samba/history/