NEWS[4.17.0rc1]: Samba 4.17.0rc1 Available for Download

[samba-web.git] / history / samba-4.10.5.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Samba 4.10.5 - Release Notes</title>
</head>
<body>
<H2>Samba 4.10.5 Available for Download</H2>
<p>
<a href="https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.gz">Samba 4.10.5 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.asc">Signature</a>
</p>
<p>
<a href="https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.gz">Patch (gzipped) against Samba 4.10.4</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.asc">Signature</a>
</p>
<p>
<pre>
                   ==============================
                   Release Notes for Samba 4.10.5
                           June 19, 2019
                   ==============================


This is a security release in order to address the following defects:

o  CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
                  (dnsserver))
o  CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))

=======
Details
=======

o  CVE-2019-12435:
   An authenticated user can crash the Samba AD DC&apos;s RPC server process via a
   NULL pointer dereference.

o  CVE-2019-12436:
    An user with read access to the directory can cause a NULL pointer
    dereference using the paged search control.

For more details and workarounds, please refer to the security advisories.


Changes since 4.10.4:
---------------------

o  Douglas Bagnall &lt;douglas.bagnall@catalyst.net.nz&gt;
   * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
     in DnssrvOperation2.
   * BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results
     without messages.


</pre>
</p>
</body>
</html>