Details
- Type: Improvement
- Status: Done
- Priority: Low
- Resolution: Complete
- Affects Version/s: None
- Fix Version/s: 11.2-U7, TrueNAS 11.2-U7
- Component/s: Services
- Labels: None
Description
Release Announcements
---------------------
These are security releases in order to address the following defects:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the full
password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server
via dirsync.
=======
Details
=======
o CVE-2019-10218:
Malicious servers can cause Samba client code to return filenames containing
path separators to calling code.
o CVE-2019-14833:
When the password contains multi-byte (non-ASCII) characters, the check
password script does not receive the full password string.
o CVE-2019-14847:
Users with the "get changes" extended access right can crash the AD DC LDAP
server by requesting an attribute using the range= syntax.
For more details and workarounds, please refer to the security advisories.
Issue Links
- relates to: NAS-102502 Update Samba to 4.10.10 to address CVE-2019-10218, CVE-2019-14833, and CVE-2019-14847 (Done)