Karolin Seeger
2019-Dec-10 09:06 UTC
[Announce] Samba 4.11.3, 4.10.11 and 4.9.17 Security Releases Available
Release Announcements
---------------------
These are a security release in order to address the following defects:
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
======Details
======
o CVE-2019-14861:
An authenticated user can crash the DCE/RPC DNS management server by creating
records with matching the zone name.
o CVE-2019-14870:
The DelegationNotAllowed Kerberos feature restriction was not being applied
when processing protocol transition requests (S4U2Self), in the AD DC KDC.
For more details and workarounds, please refer to the security advisories.
Changes:
--------
o Andrew Bartlett <abartlet at samba.org>
* BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash.
o Isaac Boukris <iboukris at gmail.com>
* BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's
Bugzilla
database (https://bugzilla.samba.org/).
======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================
===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6F33915B6568B7EA). The source code can be downloaded
from:
https://download.samba.org/pub/samba/stable/
The release notes are available online at:
https://www.samba.org/samba/history/samba-4.11.3.html
https://www.samba.org/samba/history/samba-4.10.11.html
https://www.samba.org/samba/history/samba-4.9.17.html
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL:
<http://lists.samba.org/pipermail/samba-announce/attachments/20191210/9ed07c69/signature.sig>
Reasonably Related Threads
- [Announce] Samba 4.11.3, 4.10.11 and 4.9.17 Security Releases Available
- Samba 4.11.3, 4.10.11 and 4.9.17 for Centos7/RHEL7
- Notice: repo update samba 4.9.17 4.10.11 and 4.11.3
- [Announce] Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
- [Announce] Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
Wisdom of the Ancients
