history/samba-4.9.9.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   2  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   3 <html xmlns="http://www.w3.org/1999/xhtml">
   4 <head>
   5 <title>Samba 4.9.9 - Release Notes</title>
   6 </head>
   7 <body>
   8 <H2>Samba 4.9.9 Available for Download</H2>
   9 <p>
  10 <a href="https://download.samba.org/pub/samba/stable/samba-4.9.9.tar.gz">Samba 4.9.9 (gzipped)</a><br>
  11 <a href="https://download.samba.org/pub/samba/stable/samba-4.9.9.tar.asc">Signature</a>
  12 </p>
  13 <p>
  14 <a href="https://download.samba.org/pub/samba/patches/samba-4.9.8-4.9.9.diffs.gz">Patch (gzipped) against Samba 4.9.8</a><br>
  15 <a href="https://download.samba.org/pub/samba/patches/samba-4.9.8-4.9.9.diffs.asc">Signature</a>
  16 </p>
  17 <p>
  18 <pre>
  19                    =============================
  20                    Release Notes for Samba 4.9.9
  21                             June 19, 2019
  22                    =============================
  23
  24
  25 This is a security release in order to address the following defect:
  26
  27 o  CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
  28                   (dnsserver))
  29
  30 =======
  31 Details
  32 =======
  33
  34 o  CVE-2019-12435:
  35    An authenticated user can crash the Samba AD DC&apos;s RPC server process via a
  36    NULL pointer dereference.
  37
  38 For more details and workarounds, please refer to the security advisory.
  39
  40
  41 Changes since 4.9.8:
  42 --------------------
  43
  44 o  Douglas Bagnall &lt;douglas.bagnall@catalyst.net.nz&gt;
  45    * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
  46      in DnssrvOperation2.
  47
  48
  49 </pre>
  50 </p>
  51 </body>
  52 </html>