SAMBA+ 4.10.5 and 4.9.9 packages have just been released by SerNet. These are important security releases; please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.
The packages address the following issues:
- CVE-2019-12435 Samba AD DC Denial of Service in DNS management server (dnsserver)
An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference.
Affects Samba 4.9.9 and 4.10.5.
- CVE-2019-12436 Samba AD DC LDAP server crash (paged searches)
A user with read access to the directory can cause a NULL pointer dereference using the paged search control.
Affects Samba 4.10.5 only.
SAMBA+ is now also available for Debian Buster.
SAMBA+ packages and all later versions are available as a software subscription. They can be purchased at the SAMBA+ shop; detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed on our platform OPOSSO (https://oposso.samba.plus), where users can activate their subscriptions and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.