Samba 4.11.3 (gzipped)
Signature
Patch (gzipped) against Samba 4.11.2
Signature
============================== Release Notes for Samba 4.11.3 December 10, 2019 ============================== This is a security release in order to address the following defects: o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. ======= Details ======= o CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name. o CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC. For more details and workarounds, please refer to the security advisories. Changes since 4.11.2: --------------------- o Andrew Bartlett <abartlet@samba.org> * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash. o Isaac Boukris <iboukris@gmail.com> * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced.