==============================
Release Notes for Samba 4.9.17
December 10, 2019
==============================
This is a security release in order to address the following defects:

o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
                  management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
                  on Samba AD DC.

=======
Details
=======

o CVE-2019-14861:
  An authenticated user can crash the DCE/RPC DNS management server by creating
  records matching the zone name.

o CVE-2019-14870:
  The DelegationNotAllowed Kerberos feature restriction was not being applied
  when processing protocol transition requests (S4U2Self) in the AD DC KDC.

For more details and workarounds, please refer to the security advisories.

Changes since 4.9.16:
---------------------

o Andrew Bartlett <abartlet@samba.org>
  * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash.

o Isaac Boukris <iboukris@gmail.com>
  * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced.