[Announce] Samba 4.11.3, 4.10.11 and 4.9.17 Security Releases Available

Karolin Seeger kseeger at samba.org
Tue Dec 10 09:06:42 UTC 2019


Release Announcements
---------------------

These are a security release in order to address the following defects:

o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
		  management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
		  on Samba AD DC.


=======
Details
=======

o  CVE-2019-14861:
   An authenticated user can crash the DCE/RPC DNS management server by creating
   records with matching the zone name.

o  CVE-2019-14870:
   The DelegationNotAllowed Kerberos feature restriction was not being applied
   when processing protocol transition requests (S4U2Self), in the AD DC KDC.

For more details and workarounds, please refer to the security advisories.


Changes:
--------

o  Andrew Bartlett <abartlet at samba.org>
   * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash.

o  Isaac Boukris <iboukris at gmail.com>
   * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced.


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================



================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6F33915B6568B7EA).  The source code can be downloaded
from:

        https://download.samba.org/pub/samba/stable/

The release notes are available online at:

        https://www.samba.org/samba/history/samba-4.11.3.html
        https://www.samba.org/samba/history/samba-4.10.11.html
        https://www.samba.org/samba/history/samba-4.9.17.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20191210/9ed07c69/signature.sig>


More information about the samba-technical mailing list