[Pkg-samba-maint] Bug#930748: Bug#930748: samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)

Salvatore Bonaccorso carnil at debian.org
Wed Jun 19 21:41:48 BST 2019


Hey,

On Wed, Jun 19, 2019 at 10:12:15PM +0200, Mathieu Parent wrote:
> > The following vulnerability was published for samba.
> >
> > CVE-2019-12435[0]:
> > | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer
> > | dereference, leading to Denial of Service. This is related to the AD
> > | DC DNS management server (dnsserver) RPC server process.
> >
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2019-12435
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
> > [1] https://www.samba.org/samba/security/CVE-2019-12435.html
> 
> I've just created a pre-approval unblock request to choose between
> uploading 4.9.9 (including stability fixes) or 4.9.5+patch.

Ack! Thank you Mathieu.

Regards,
Salvatore



More information about the Pkg-samba-maint mailing list