| Errata ID | 149 |
|---|---|
| Date | 2019-06-19 |
| Source package | samba |
| Fixed in version | 2:4.10.1-1A~4.4.0.201906111641 |
| Description | This update addresses the following issues: * A user with read access to the directory can cause a NULL pointer dereference using the paged search control (CVE-2019-12436). * An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer de-reference. This does not affect UCS, because UCS uses bind9 as DNS server instead of the Samba builtin implementation (CVE-2019-12435). For details and possible mitigations see: <https://www.samba.org/samba/security/CVE-2019-12435.html> <https://www.samba.org/samba/security/CVE-2019-12436.html> |
| Additional notes | |
| CVE ID | CVE-2019-12435 CVE-2019-12436 |
| UCS Bug number | #49626 |
