Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-102198

Update Samba to 4.9.9 to address CVE-2019-12435

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Done (View Workflow)
    • Priority: Low
    • Resolution: Complete
    • Affects Version/s: 11.2-U4.1
    • Fix Version/s: 11.2-U5
    • Component/s: Services
    • Labels:
      None

      JEditor

        Description

        CVE-2019-12435:                                                              
           An authenticated user can crash the Samba AD DC's RPC server process via a   
           NULL pointer dereference.
        
        For more details and workarounds, please refer to the security advisory. 

         

        Fixed in Samba 4.9.9

         

        FreeNAS 11.3 is unaffected because it is compiled without DC support.

        https://www.samba.org/samba/security/CVE-2019-12435.html 

          Attachments

            Attachments

              Issue Links

                Activity

                  People

                  Assignee:
                  awalker Andrew Walker
                  Reporter:
                  awalker Andrew Walker
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Summary Panel