[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Tue Nov 27 09:13:07 UTC 2018
The branch, master has been updated
via cb0b96e NEWS[4.9.3]: Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available
from 218c436 Rework github contributor link text
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit cb0b96e83cb3cdc121236273c570994e514f2448
Author: Karolin Seeger <kseeger at samba.org>
Date: Sun Nov 25 15:27:09 2018 +0100
NEWS[4.9.3]: Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available
Signed-off-by: Karolin Seeger <kseeger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
history/header_history.html | 3 +
history/samba-4.7.12.html | 98 ++++++++++++++++++
history/samba-4.8.7.html | 98 ++++++++++++++++++
history/samba-4.9.3.html | 126 ++++++++++++++++++++++++
history/security.html | 27 +++++
posted_news/20181127-085351.4.9.3.body.html | 35 +++++++
posted_news/20181127-085351.4.9.3.headline.html | 4 +
security/CVE-2018-14629.html | 76 ++++++++++++++
security/CVE-2018-16841.html | 82 +++++++++++++++
security/CVE-2018-16851.html | 83 ++++++++++++++++
security/CVE-2018-16852.html | 79 +++++++++++++++
security/CVE-2018-16853.html | 75 ++++++++++++++
security/CVE-2018-16857.html | 117 ++++++++++++++++++++++
13 files changed, 903 insertions(+)
create mode 100644 history/samba-4.7.12.html
create mode 100644 history/samba-4.8.7.html
create mode 100644 history/samba-4.9.3.html
create mode 100644 posted_news/20181127-085351.4.9.3.body.html
create mode 100644 posted_news/20181127-085351.4.9.3.headline.html
create mode 100644 security/CVE-2018-14629.html
create mode 100644 security/CVE-2018-16841.html
create mode 100644 security/CVE-2018-16851.html
create mode 100644 security/CVE-2018-16852.html
create mode 100644 security/CVE-2018-16853.html
create mode 100644 security/CVE-2018-16857.html
Changeset truncated at 500 lines:
diff --git a/history/header_history.html b/history/header_history.html
index bfc59e0..6ffd230 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,9 +9,11 @@
<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-4.9.3.html">samba-4.9.3</a></li>
<li><a href="samba-4.9.2.html">samba-4.9.2</a></li>
<li><a href="samba-4.9.1.html">samba-4.9.1</a></li>
<li><a href="samba-4.9.0.html">samba-4.9.0</a></li>
+ <li><a href="samba-4.8.7.html">samba-4.8.7</a></li>
<li><a href="samba-4.8.6.html">samba-4.8.6</a></li>
<li><a href="samba-4.8.5.html">samba-4.8.5</a></li>
<li><a href="samba-4.8.4.html">samba-4.8.4</a></li>
@@ -19,6 +21,7 @@
<li><a href="samba-4.8.2.html">samba-4.8.2</a></li>
<li><a href="samba-4.8.1.html">samba-4.8.1</a></li>
<li><a href="samba-4.8.0.html">samba-4.8.0</a></li>
+ <li><a href="samba-4.7.12.html">samba-4.7.12</a></li>
<li><a href="samba-4.7.11.html">samba-4.7.11</a></li>
<li><a href="samba-4.7.10.html">samba-4.7.10</a></li>
<li><a href="samba-4.7.9.html">samba-4.7.9</a></li>
diff --git a/history/samba-4.7.12.html b/history/samba-4.7.12.html
new file mode 100644
index 0000000..b9647bd
--- /dev/null
+++ b/history/samba-4.7.12.html
@@ -0,0 +1,98 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.7.12 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.7.12 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.7.12.tar.gz">Samba 4.7.12 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.7.12.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.7.11-4.7.12.diffs.gz">Patch (gzipped) against Samba 4.7.11</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.7.11-4.7.12.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.7.12
+ November 27, 2018
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
+ Internal DNS server)
+o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
+o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
+o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
+ configuration (unsupported))
+
+
+=======
+Details
+=======
+
+o CVE-2018-14629:
+ All versions of Samba from 4.0.0 onwards are vulnerable to infinite
+ query recursion caused by CNAME loops. Any dns record can be added via
+ ldap by an unprivileged user using the ldbadd tool, so this is a
+ security issue.
+
+o CVE-2018-16841:
+ When configured to accept smart-card authentication, Samba's KDC will call
+ talloc_free() twice on the same memory if the principal in a validly signed
+ certificate does not match the principal in the AS-REQ.
+
+ This is only possible after authentication with a trusted certificate.
+
+ talloc is robust against further corruption from a double-free with
+ talloc_free() and directly calls abort(), terminating the KDC process.
+
+ There is no further vulnerability associated with this issue, merely a
+ denial of service.
+
+o CVE-2018-16851:
+ During the processing of an LDAP search before Samba's AD DC returns
+ the LDAP entries to the client, the entries are cached in a single
+ memory object with a maximum size of 256MB. When this size is
+ reached, the Samba process providing the LDAP service will follow the
+ NULL pointer, terminating the process.
+
+ There is no further vulnerability associated with this issue, merely a
+ denial of service.
+
+o CVE-2018-16853:
+ A user in a Samba AD domain can crash the KDC when Samba is built in the
+ non-default MIT Kerberos configuration.
+
+ With this advisory we clarify that the MIT Kerberos build of the Samba
+ AD DC is considered experimental. Therefore the Samba Team will not
+ issue security patches for this configuration.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.7.11:
+--------------------
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13628: CVE-2018-16841: heimdal: Fix segfault on PKINIT with
+ mis-matching principal.
+ * BUG 13678: CVE-2018-16853: build: The Samba AD DC, when build with MIT
+ Kerberos is experimental
+
+o Aaron Haslett <aaronhaslett at catalyst.net.nz>
+ * BUG 13600: CVE-2018-14629: dns: CNAME loop prevention using counter.
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 13674: CVE-2018-16851: ldap_server: Check ret before manipulating blob.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.8.7.html b/history/samba-4.8.7.html
new file mode 100644
index 0000000..cf148d8
--- /dev/null
+++ b/history/samba-4.8.7.html
@@ -0,0 +1,98 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.8.7 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.8.7 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.8.7.tar.gz">Samba 4.8.7 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.8.7.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.8.6-4.8.7.diffs.gz">Patch (gzipped) against Samba 4.8.6</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.8.6-4.8.7.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 4.8.7
+ November 27, 2018
+ =============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
+ Internal DNS server)
+o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
+o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
+o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
+ configuration (unsupported))
+
+
+=======
+Details
+=======
+
+o CVE-2018-14629:
+ All versions of Samba from 4.0.0 onwards are vulnerable to infinite
+ query recursion caused by CNAME loops. Any dns record can be added via
+ ldap by an unprivileged user using the ldbadd tool, so this is a
+ security issue.
+
+o CVE-2018-16841:
+ When configured to accept smart-card authentication, Samba's KDC will call
+ talloc_free() twice on the same memory if the principal in a validly signed
+ certificate does not match the principal in the AS-REQ.
+
+ This is only possible after authentication with a trusted certificate.
+
+ talloc is robust against further corruption from a double-free with
+ talloc_free() and directly calls abort(), terminating the KDC process.
+
+ There is no further vulnerability associated with this issue, merely a
+ denial of service.
+
+o CVE-2018-16851:
+ During the processing of an LDAP search before Samba's AD DC returns
+ the LDAP entries to the client, the entries are cached in a single
+ memory object with a maximum size of 256MB. When this size is
+ reached, the Samba process providing the LDAP service will follow the
+ NULL pointer, terminating the process.
+
+ There is no further vulnerability associated with this issue, merely a
+ denial of service.
+
+o CVE-2018-16853:
+ A user in a Samba AD domain can crash the KDC when Samba is built in the
+ non-default MIT Kerberos configuration.
+
+ With this advisory we clarify that the MIT Kerberos build of the Samba
+ AD DC is considered experimental. Therefore the Samba Team will not
+ issue security patches for this configuration.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.8.6:
+--------------------
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13628: CVE-2018-16841: heimdal: Fix segfault on PKINIT with
+ mis-matching principal.
+ * BUG 13678: CVE-2018-16853: build: The Samba AD DC, when build with MIT
+ Kerberos is experimental
+
+o Aaron Haslett <aaronhaslett at catalyst.net.nz>
+ * BUG 13600: CVE-2018-14629: dns: CNAME loop prevention using counter.
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 13674: CVE-2018-16851: ldap_server: Check ret before manipulating blob.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.9.3.html b/history/samba-4.9.3.html
new file mode 100644
index 0000000..ed12cab
--- /dev/null
+++ b/history/samba-4.9.3.html
@@ -0,0 +1,126 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.9.3 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.9.3 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.9.3.tar.gz">Samba 4.9.3 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.9.3.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.9.2-4.9.3.diffs.gz">Patch (gzipped) against Samba 4.9.2</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.9.2-4.9.3.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 4.9.3
+ November 27, 2018
+ =============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
+ Internal DNS server)
+o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
+o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
+o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
+o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
+ configuration (unsupported))
+o CVE-2018-16857 (Bad password count in AD DC not always effective)
+
+
+=======
+Details
+=======
+
+o CVE-2018-14629:
+ All versions of Samba from 4.0.0 onwards are vulnerable to infinite
+ query recursion caused by CNAME loops. Any dns record can be added via
+ ldap by an unprivileged user using the ldbadd tool, so this is a
+ security issue.
+
+o CVE-2018-16841:
+ When configured to accept smart-card authentication, Samba's KDC will call
+ talloc_free() twice on the same memory if the principal in a validly signed
+ certificate does not match the principal in the AS-REQ.
+
+ This is only possible after authentication with a trusted certificate.
+
+ talloc is robust against further corruption from a double-free with
+ talloc_free() and directly calls abort(), terminating the KDC process.
+
+ There is no further vulnerability associated with this issue, merely a
+ denial of service.
+
+o CVE-2018-16851:
+ During the processing of an LDAP search before Samba's AD DC returns
+ the LDAP entries to the client, the entries are cached in a single
+ memory object with a maximum size of 256MB. When this size is
+ reached, the Samba process providing the LDAP service will follow the
+ NULL pointer, terminating the process.
+
+ There is no further vulnerability associated with this issue, merely a
+ denial of service.
+
+o CVE-2018-16852:
+ During the processing of an DNS zone in the DNS management DCE/RPC server,
+ the internal DNS server or the Samba DLZ plugin for BIND9, if the
+ DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
+ property is set, the server will follow a NULL pointer and terminate.
+
+ There is no further vulnerability associated with this issue, merely a
+ denial of service.
+
+o CVE-2018-16853:
+ A user in a Samba AD domain can crash the KDC when Samba is built in the
+ non-default MIT Kerberos configuration.
+
+ With this advisory we clarify that the MIT Kerberos build of the Samba
+ AD DC is considered experimental. Therefore the Samba Team will not
+ issue security patches for this configuration.
+
+o CVE-2018-16857:
+ AD DC Configurations watching for bad passwords (to restrict brute forcing
+ of passwords) in a window of more than 3 minutes may not watch for bad
+ passwords at all.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.9.2:
+--------------------
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13628: CVE-2018-16841: heimdal: Fix segfault on PKINIT with
+ mis-matching principal.
+ * BUG 13678: CVE-2018-16853: build: The Samba AD DC, when build with MIT
+ Kerberos is experimental
+
+o Tim Beale <timbeale at catalyst.net.nz>
+ * BUG 13683: CVE-2018-16857: dsdb/util: Correctly treat
+ lockOutObservationWindow as 64-bit int.
+
+o Joe Guo <joeg at catalyst.net.nz>
+ * BUG 13683: CVE-2018-16857 PEP8: Fix E305: Expected 2 blank lines after
+ class or function definition, found 1.
+
+o Aaron Haslett <aaronhaslett at catalyst.net.nz>
+ * BUG 13600: CVE-2018-14629: dns: CNAME loop prevention using counter.
+
+o Gary Lockyer <gary at catalyst.net.nz>
+ * BUG 13669: CVE-2018-16852: Fix NULL pointer de-reference in Samba AD DC
+ DNS management.
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 13674: CVE-2018-16851: ldap_server: Check ret before manipulating blob.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index aa6b4fb..014857e 100755
--- a/history/security.html
+++ b/history/security.html
@@ -21,6 +21,33 @@ link to full release notes for each release.</p>
<td><em>Details</em></td>
</tr>
+ <tr>
+ <td>27 Nov 2018</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.9.2-security-2018-11-27.patch">
+ patch for Samba 4.9.2 (all CVEs)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.8.6-security-2018-11-27.patch">
+ patch for Samba 4.8.6 (all CVEs except CVE-2018-16852 and CVE-2018-16857)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.7.11-security-2018-11-27.patch">
+ patch for Samba 4.7.11 (all CVEs except CVE-2018-16852 and CVE-2018-16857)</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629">CVE-2018-14629</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16841">CVE-2018-16841</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851">CVE-2018-16851</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16852">CVE-2018-16852</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16853">CVE-2018-16853</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16857">CVE-2018-16857</a>
+ </td>
+ <td><a href="/samba/security/CVE-2018-14629.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16841.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16851.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16852.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16853.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16857.html">Announcement</a>
+ </td>
+ </tr>
+
<tr>
<td>14 Aug 2018</td>
<td><a href="/samba/ftp/patches/security/samba-4.8.3-security-2018-08-14.patch">
diff --git a/posted_news/20181127-085351.4.9.3.body.html b/posted_news/20181127-085351.4.9.3.body.html
new file mode 100644
index 0000000..1b5da5c
--- /dev/null
+++ b/posted_news/20181127-085351.4.9.3.body.html
@@ -0,0 +1,35 @@
+<!-- BEGIN: posted_news/20181127-085351.4.9.3.body.html -->
+<h5><a name="4.9.3">27 November 2018</a></h5>
+<p class=headline>Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available</p>
+<p>
+These are security releases in order to address<br>
+<a href="/samba/security/CVE-2018-14629.html">CVE-2018-14629</a>
+(Unprivileged adding of CNAME record causing loop in AD Internal DNS server),<br>
+<a href="/samba/security/CVE-2018-16841.html">CVE-2018-16841</a>
+(Double-free in Samba AD DC KDC with PKINIT),<br>
+<a href="/samba/security/CVE-2018-16851.html">CVE-2018-16851</a>
+(NULL pointer de-reference in Samba AD DC LDAP server),<br>
+<a href="/samba/security/CVE-2018-16852.html">CVE-2018-16852</a>
+(NULL pointer de-reference in Samba AD DC DNS servers),<br>
+<a href="/samba/security/CVE-2018-16853.html">CVE-2018-16853</a>
+(Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) and<br>
+<a href="/samba/security/CVE-2018-16857.html">CVE-2018-16857</a>
+(Bad password count in AD DC not always effective).
+</p>
+<p>
+The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA).
+<br>
+The 4.9.3 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.9.3.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.9.2-4.9.3.diffs.gz">patch against Samba 4.9.2</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.9.3.html">the release notes for more info</a>.
+<br>
+The 4.8.7 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.8.7.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.8.6-4.8.7.diffs.gz">patch against Samba 4.8.6</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.8.7.html">the release notes for more info</a>.
+<br>
+The 4.7.12 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.7.12.tar.gz">downloaded now</a>.
+A <a
+href="https://download.samba.org/pub/samba/patches/samba-4.7.11-4.7.12.diffs.gz">patch against Samba 4.7.11</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.7.12.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20181127-085351.4.9.3.body.html -->
diff --git a/posted_news/20181127-085351.4.9.3.headline.html b/posted_news/20181127-085351.4.9.3.headline.html
new file mode 100644
index 0000000..cc1efe6
--- /dev/null
+++ b/posted_news/20181127-085351.4.9.3.headline.html
@@ -0,0 +1,4 @@
+<!-- BEGIN: posted_news/20181127-085351.4.9.3.headline.html -->
+<li> 27 November 2018 <a href="#4.9.3">Samba 4.9.3, 4.8.7 and 4.7.12 Security
+Releases Available</a></li>
+<!-- END: posted_news/20181127-085351.4.9.3.headline.html -->
diff --git a/security/CVE-2018-14629.html b/security/CVE-2018-14629.html
new file mode 100644
index 0000000..37fae39
--- /dev/null
+++ b/security/CVE-2018-14629.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2018-14629.html
+
+<p>
+<pre>
+====================================================================
+== Subject: Unprivileged adding of CNAME record causing loop
+== in AD Internal DNS server
+==
+== CVE ID#: CVE-2018-14629
+==
+== Versions: All versions of Samba from 4.0.0 onwards.
+==
+== Summary: CNAME loops can cause DNS server crashes, and CNAMEs
+== can be added by unprivileged users.
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 4.0.0 onwards are vulnerable to infinite
+query recursion caused by CNAME loops. Any dns record can be added via
+ldap by an unprivileged user using the ldbadd tool, so this is a
+security issue.
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
--
Samba Website Repository
More information about the samba-cvs
mailing list