[Pkg-samba-maint] Bug#950499: Samba - CVE-2019-19344

Maurizio Cimaschi maurizio at cimaschi.it
Sun Feb 2 16:39:34 GMT 2020


Package: samba
Version: 2:4.9.5+dfsg-5+deb10u1
Severity: wishlist

Dear Maintainer,
in the shipped version of samba the DNS scavenging function is broken:

https://www.samba.org/samba/security/CVE-2019-19344.html
https://security-tracker.debian.org/tracker/CVE-2019-19344

A patch already exists:

https://github.com/samba-team/samba/commit/55fb0c2f67ef1906c942729c00f9f918dd92a658

Please, could the patch be applied to the package?

Thank you for your work and interest in this report.

Regards.


-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf present, but not attached

-- System Information:
Debian Release: 10.2
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii  adduser           3.118
ii  dpkg              1.19.7
ii  libbsd0           0.9.1-2
ii  libc6             2.28-10
ii  libldb1           2:1.5.1+really1.4.6-3
ii  libpam-modules    1.3.1-5
ii  libpam-runtime    1.3.1-5
ii  libpopt0          1.16-12
ii  libpython2.7      2.7.16-2+deb10u1
ii  libtalloc2        2.1.14-2
ii  libtdb1           1.3.16-2+b1
ii  libtevent0        0.9.37-1
ii  lsb-base          10.2019051400
ii  procps            2:3.3.15-2
ii  python            2.7.16-1
ii  python-dnspython  1.16.0-1
ii  python-samba      2:4.9.5+dfsg-5+deb10u1
ii  python2.7         2.7.16-2+deb10u1
ii  samba-common      2:4.9.5+dfsg-5+deb10u1
ii  samba-common-bin  2:4.9.5+dfsg-5+deb10u1
ii  samba-libs        2:4.9.5+dfsg-5+deb10u1
ii  tdb-tools         1.3.16-2+b1

Versions of packages samba recommends:
pn  attr                <none>
ii  logrotate           3.14.0-4
ii  samba-dsdb-modules  2:4.9.5+dfsg-5+deb10u1
ii  samba-vfs-modules   2:4.9.5+dfsg-5+deb10u1

Versions of packages samba suggests:
ii  bind9          1:9.11.5.P4+dfsg-5.1
ii  bind9utils     1:9.11.5.P4+dfsg-5.1
pn  ctdb           <none>
pn  ldb-tools      <none>
ii  ntp            1:4.2.8p12+dfsg-4
pn  smbldap-tools  <none>
pn  ufw            <none>
ii  winbind        2:4.9.5+dfsg-5+deb10u1

-- no debconf information


