[NAS-102198] Update Samba to 4.9.9 to address CVE-2019-12435 - iX - Bug Tracker (Jira)

XML

Word

Printable

Details

Type: Improvement
Status: Done (View Workflow)
Priority: Low
Resolution: Complete
Affects Version/s: 11.2-U4.1
Fix Version/s: 11.2-U5
Component/s: Services
Labels:
None

Epic Link:
Updated software in TrueNAS 11.2-U5

Description

CVE-2019-12435:                                                              
   An authenticated user can crash the Samba AD DC's RPC server process via a   
   NULL pointer dereference.

For more details and workarounds, please refer to the security advisory.

Fixed in Samba 4.9.9

FreeNAS 11.3 is unaffected because it is compiled without DC support.

https://www.samba.org/samba/security/CVE-2019-12435.html

Adobe XD

Share XD links and collaborate with your team. Learn more |Send feedback

Attachments

Issue Links

duplicates

NAS-101764 Update Samba to 4.9.8 to address CVE-2018-16860

Engineering Closed

Activity

People

Assignee:: Andrew Walker

Reporter:: Andrew Walker

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 19/Jun/19 2:29 PM

Updated:: 07/Nov/19 2:40 PM

Resolved:: 24/Jun/19 9:46 AM