Samba 4.11.3 Available for Download

Samba 4.11.3 (gzipped)

Patch (gzipped) against Samba 4.11.2

                   Release Notes for Samba 4.11.3
                          December 10, 2019

This is a security release in order to address the following defects:

o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
		  management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
		  on Samba AD DC.


o  CVE-2019-14861:
   An authenticated user can crash the DCE/RPC DNS management server by creating
   records with matching the zone name.

o  CVE-2019-14870:
   The DelegationNotAllowed Kerberos feature restriction was not being applied
   when processing protocol transition requests (S4U2Self), in the AD DC KDC.

For more details and workarounds, please refer to the security advisories.

Changes since 4.11.2:

o  Andrew Bartlett <>
   * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash.

o  Isaac Boukris <>
   * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced.