similar to: [Announce] Samba 4.1.9, 4.0.19 and 3.6.24 Security Releases Available

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server) o CVE-2015-3223 (Denial of service in Samba Active Directory server) o CVE-2015-5252 (Insufficient symlink verification in smbd) o CVE-2015-5299 (Missing access control check in shadow copy code) o CVE-2015-5296 (Samba

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server) o CVE-2015-3223 (Denial of service in Samba Active Directory server) o CVE-2015-5252 (Insufficient symlink verification in smbd) o CVE-2015-5299 (Missing access control check in shadow copy code) o CVE-2015-5296 (Samba

Release Announcements --------------------- Samba 4.0.8, 3.6.17 and 3.5.22 have been issued as security releases in order to address CVE-2013-4124 (Denial of service - CPU loop and memory allocation). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop

Release Announcements --------------------- Samba 4.0.8, 3.6.17 and 3.5.22 have been issued as security releases in order to address CVE-2013-4124 (Denial of service - CPU loop and memory allocation). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop

Under what conditions are "server services = -ldap" an acceptable workaround? would it work with a standalone AD with file sharing done by other Samba servers? On Tue, Mar 13, 2018 at 5:20 AM, Karolin Seeger via samba-technical <samba-technical at lists.samba.org> wrote: > Release Announcements > --------------------- > > These are security release in order to address

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) o CVE-2018-16852 (NULL pointer

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) o CVE-2018-16852 (NULL pointer

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2018-1050 (Denial of Service Attack on external print server.) o CVE-2018-1057 (Authenticated users can change other users' password.) ======= Details ======= o CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2018-1050 (Denial of Service Attack on external print server.) o CVE-2018-1057 (Authenticated users can change other users' password.) ======= Details ======= o CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack

Release Announcements ===================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the

Release Announcements ===================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2018-1139 (Weak authentication protocol allowed.) o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.) o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.) o CVE-2018-10918 (Denial of Service Attack on AD DC

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2018-1139 (Weak authentication protocol allowed.) o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.) o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.) o CVE-2018-10918 (Denial of Service Attack on AD DC

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC ======= Details ======= o CVE-2020-10700: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC ======= Details ======= o CVE-2020-10700: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a

On 9/20/19 8:58 AM, Eric Blake wrote: > On 9/12/19 12:41 PM, Richard W.M. Jones wrote: >> We have discovered a potential Denial of Service / Amplification Attack >> in nbdkit. > > Unfortunately, our fix for this issue cause another potential Denial of > Service attack: > >> >> Lifecycle >> --------- >> >> Reported: 2019-09-11 Fixed:

Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |

====================================================== "It kills me sometimes, how people die." Markus Zusak, The Book Thief ====================================================== Release Announcements --------------------- This is the latest stable release of Samba 4.3. Changes since 4.3.4: -------------------- o Jeremy Allison <jra at samba.org> *

====================================================== "It kills me sometimes, how people die." Markus Zusak, The Book Thief ====================================================== Release Announcements --------------------- This is the latest stable release of Samba 4.3. Changes since 4.3.4: -------------------- o Jeremy Allison <jra at samba.org> *

Release Announcements --------------------- This is a security release in order to address the following defects: o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server (dnsserver)) o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches)) Please note that Samba 4.9 is affected by CVE-2019-12435 only. ======= Details ======= o CVE-2019-12435: