Samba 4.11.5 (gzipped)
Signature
Patch (gzipped) against Samba 4.11.4
Signature
==============================
Release Notes for Samba 4.11.5
January 21, 2020
==============================

This is a security release in order to address the following defects:

o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
                  Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
                  above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.

=======
Details
=======

o CVE-2019-14902:
  The implementation of ACL inheritance in the Samba AD DC was not complete,
  and so absent a 'full-sync' replication, ACLs could get out of sync between
  domain controllers.

o CVE-2019-14907:
  When processing untrusted string input Samba can read past the end of the
  allocated buffer when printing a "Conversion error" message to the logs.

o CVE-2019-19344:
  During DNS zone scavenging (of expired dynamic entries) there is a read of
  memory after it has been freed.

For more details and workarounds, please refer to the security advisories.

Changes since 4.11.4:
---------------------

o Andrew Bartlett <abartlet@samba.org>
  * BUG 12497: CVE-2019-14902: Replication of ACLs down subtree on AD
    Directory not automatic.
  * BUG 14208: CVE-2019-14907: lib/util: Do not print the failed to convert
    string into the logs.

o Gary Lockyer <gary@catalyst.net.nz>
  * BUG 14050: CVE-2019-19344: kcc dns scavenging: Fix use after free in
    dns_tombstone_records_zone.