Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-102198

Update Samba to 4.9.9 to address CVE-2019-12435

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Done (View Workflow)
    • Priority: Low
    • Resolution: Done
    • Affects Version/s: 11.2-U4.1
    • Fix Version/s: 11.2-U5
    • Component/s: Services
    • Labels:
      None
    • Attempts to pass:
      1
    • Testing System:
      FreeNAS Mini XL
    • QA Status:
      Test Passes FreeNAS
    • Acceptance Criteria:
      smbd -V
    • Doc Engineer:
      Dru Lavigne
    • Doc Commit Version:
      11.2-legacy, 11.2-angular
    • Docs Complete:
      Yes

      Description

      CVE-2019-12435:                                                              
         An authenticated user can crash the Samba AD DC's RPC server process via a   
         NULL pointer dereference.
      
      For more details and workarounds, please refer to the security advisory. 

       

      Fixed in Samba 4.9.9

       

      FreeNAS 11.3 is unaffected because it is compiled without DC support.

      https://www.samba.org/samba/security/CVE-2019-12435.html 

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                awalker Andrew Walker
                Reporter:
                awalker Andrew Walker
                QE Engineer:
                Bonnie Follweiler
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel