[Pkg-samba-maint] Bug#930748: Bug#930748: samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
Mathieu Parent
math.parent at gmail.com
Wed Jun 19 21:12:15 BST 2019
Le mer. 19 juin 2019 à 21:51, Salvatore Bonaccorso <carnil at debian.org> a écrit :
>
> Source: samba
> Version: 2:4.9.5+dfsg-4
> Severity: important
> Tags: security upstream
>
> Hi,
Hi,
> The following vulnerability was published for samba.
>
> CVE-2019-12435[0]:
> | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer
> | dereference, leading to Denial of Service. This is related to the AD
> | DC DNS management server (dnsserver) RPC server process.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-12435
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
> [1] https://www.samba.org/samba/security/CVE-2019-12435.html
I've just created a pre-approval unblock request to choose between
uploading 4.9.9 (including stability fixes) or 4.9.5+patch.
Regards
--
Mathieu Parent
More information about the Pkg-samba-maint
mailing list