Samba 4.10.5 (gzipped)
Signature
Patch (gzipped) against Samba 4.10.4
Signature
==============================
Release Notes for Samba 4.10.5
June 19, 2019
==============================
This is a security release in order to address the following defects:
o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
(dnsserver))
o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))
=======
Details
=======
o CVE-2019-12435:
An authenticated user can crash the Samba AD DC's RPC server process via a
NULL pointer dereference.
o CVE-2019-12436:
An user with read access to the directory can cause a NULL pointer
dereference using the paged search control.
For more details and workarounds, please refer to the security advisories.
Changes since 4.10.4:
---------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
in DnssrvOperation2.
* BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results
without messages.