1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
5 <title>Samba 4.10.5 - Release Notes</title>
8 <H2>Samba 4.10.5 Available for Download</H2>
10 <a href="https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.gz">Samba 4.10.5 (gzipped)</a><br>
11 <a href="https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.asc">Signature</a>
14 <a href="https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.gz">Patch (gzipped) against Samba 4.10.4</a><br>
15 <a href="https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.asc">Signature</a>
19 ==============================
20 Release Notes for Samba 4.10.5
22 ==============================
25 This is a security release in order to address the following defects:
27 o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
29 o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))
36 An authenticated user can crash the Samba AD DC's RPC server process via a
37 NULL pointer dereference.
40 An user with read access to the directory can cause a NULL pointer
41 dereference using the paged search control.
43 For more details and workarounds, please refer to the security advisories.
49 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
50 * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
52 * BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results