Samba 4.10.5 (gzipped)
Signature
Patch (gzipped) against Samba 4.10.4
Signature
============================== Release Notes for Samba 4.10.5 June 19, 2019 ============================== This is a security release in order to address the following defects: o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server (dnsserver)) o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches)) ======= Details ======= o CVE-2019-12435: An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference. o CVE-2019-12436: An user with read access to the directory can cause a NULL pointer dereference using the paged search control. For more details and workarounds, please refer to the security advisories. Changes since 4.10.4: --------------------- o Douglas Bagnall <douglas.bagnall@catalyst.net.nz> * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found in DnssrvOperation2. * BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results without messages.