FreeNAS / TrueNAS / NAS-103657

Update Samba to 4.9.15 to address CVE-2019-10218, CVE-2019-14833, and CVE-2019-14847

    Details

      Description

      Release Announcements
      ---------------------

      These are security releases in order to address the following defects:

      o CVE-2019-10218: Client code can return filenames containing path separators.         
      o CVE-2019-14833: Samba AD DC check password script does not receive the full
                        password.
      o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server
                        via dirsync.

      =======
      Details
      =======

      o  CVE-2019-10218:
         Malicious servers can cause Samba client code to return filenames containing
         path separators to calling code.

      o  CVE-2019-14833:
         When the password contains multi-byte (non-ASCII) characters, the check
         password script does not receive the full password string.

      o  CVE-2019-14847:
         Users with the "get changes" extended access right can crash the AD DC LDAP
         server by requesting an attribute using the range= syntax.

      For more details and workarounds, please refer to the security advisories.

              People

              Assignee:
              awalker Andrew Walker
              Reporter:
              awalker Andrew Walker