Samba 4.10.5 Available for Download

Samba 4.10.5 (gzipped)

Patch (gzipped) against Samba 4.10.4

                   Release Notes for Samba 4.10.5
                           June 19, 2019

This is a security release in order to address the following defects:

o  CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
o  CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))


o  CVE-2019-12435:
   An authenticated user can crash the Samba AD DC's RPC server process via a
   NULL pointer dereference.

o  CVE-2019-12436:
    An user with read access to the directory can cause a NULL pointer
    dereference using the paged search control.

For more details and workarounds, please refer to the security advisories.

Changes since 4.10.4:

o  Douglas Bagnall <>
   * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
     in DnssrvOperation2.
   * BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results
     without messages.