[ubuntu/eoan-proposed] samba 2:4.10.0+dfsg-0ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jun 19 12:54:17 UTC 2019 

samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium

  * SECURITY UPDATE: zone operations can crash rpc server
    - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone
      not found in DnssrvOperation in
      python/samba/tests/dcerpc/dnsserver.py,
      source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
    - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone
      not found in DnssrvOperation2 in
      python/samba/tests/dcerpc/dnsserver.py,
      source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
    - CVE-2019-12435
  * SECURITY UPDATE: paged_searches crash on LDAP and homes access
    - debian/patches/CVE-2019-12436.patch: ignore successful results
      without messages in source4/dsdb/samdb/ldb_modules/paged_results.c,
      source4/dsdb/tests/python/vlv.py.
    - CVE-2019-12436

Date: Wed, 12 Jun 2019 10:08:44 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/samba/2:4.10.0+dfsg-0ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 12 Jun 2019 10:08:44 -0400
Source: samba
Architecture: source
Version: 2:4.10.0+dfsg-0ubuntu4
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium
 .
   * SECURITY UPDATE: zone operations can crash rpc server
     - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone
       not found in DnssrvOperation in
       python/samba/tests/dcerpc/dnsserver.py,
       source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
     - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone
       not found in DnssrvOperation2 in
       python/samba/tests/dcerpc/dnsserver.py,
       source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
     - CVE-2019-12435
   * SECURITY UPDATE: paged_searches crash on LDAP and homes access
     - debian/patches/CVE-2019-12436.patch: ignore successful results
       without messages in source4/dsdb/samdb/ldb_modules/paged_results.c,
       source4/dsdb/tests/python/vlv.py.
     - CVE-2019-12436
Checksums-Sha1:
 dd832feed7257c38fdbc32c81aa6d5e3dfcdbcbb 4207 samba_4.10.0+dfsg-0ubuntu4.dsc
 840ee969ec8c0383a0f0341b5bc571ad0c144587 251104 samba_4.10.0+dfsg-0ubuntu4.debian.tar.xz
 8e98b635bd79049cfad3ade6e87ac636b3ee95fa 11682 samba_4.10.0+dfsg-0ubuntu4_source.buildinfo
Checksums-Sha256:
 f2103033c72b876c8fbb02add4d961236b22d7e18186c14ae607214645fef749 4207 samba_4.10.0+dfsg-0ubuntu4.dsc
 134993589bc30f719a47448679332bb4a2f75171c12cd30fb018d612dad40c3d 251104 samba_4.10.0+dfsg-0ubuntu4.debian.tar.xz
 f01fa2b393de44e92ef080e92f7669af95ff599e203cf783250f6faf617c6a71 11682 samba_4.10.0+dfsg-0ubuntu4_source.buildinfo
Files:
 a24a4bc57328c2b3aab284387e0de454 4207 net optional samba_4.10.0+dfsg-0ubuntu4.dsc
 d6d9f569dec24a41cc56bdb87ad872c7 251104 net optional samba_4.10.0+dfsg-0ubuntu4.debian.tar.xz
 f171167079d256e3ad29e54282554d54 11682 net optional samba_4.10.0+dfsg-0ubuntu4_source.buildinfo
Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0KL08ACgkQZWnYVadE
vpMwLxAAgUE8W5mPFI2F5v+fuvFnLSUbpX3HcgVTslP1gjQ6J8TxgvrH6FjISKYU
PicIfx/MHlAeJ6gv4/J+ba9ELmPIsxRB8Jqtp1W8vTV4DpeFZincqSEHtEYlAGia
AQTJTwBByuJaFi+bSPLDsRwxQcnOEFxHuFuyLMvYNiUAmKGOvhQxMpP5ni2QYRw8
/zpniDvJ/7feeFWp9tvgeGx8OKcuShQWJIIgrrmePKk8XfM1g7dmF61+3b4g1IXL
vaGUIYEilb8Q9cRwWO1w8PFyAEB3CaYEur+ssczt6yrtaM+qcD92gOccSPYHc8Td
09iqEYkybrJi6kY15EqHdWKx8joF9qoKnBwY0NqnhpqJuhtK4Yjy+nXgGO11l+yD
XPw13wVPc5vYv2dY5ey6fnbZB1DKyhpcebQfs2/Jr4GJn4BfRSLwxNJEqywXUtC5
zGJkhXqZr4VFKX4VUmV07X5/AxI0Uc9eHQ+GLq1Vkl2Ubh4wlbVUNbQ32haarRGt
Cu2Mp9hkM4zcIAvjvsJ69pELPQSduJBTTWK+75ai8Db0fRPXvf82tw/DwCBVEkir
yZzlSyScGv/ZFmalMUEqV5ITttDJ+zN7VgY1G2MeAR1ODKqdMSuzqL9fLN/Ga9hp
VxxhQDjiSzrY861hRYrJGJHhPMDtw85kG91F4GyBhjEqYa92lg8=
=g0C0
-----END PGP SIGNATURE-----

More information about the Eoan-changes mailing list