-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : samba Version : 2:4.2.14+dfsg-0+deb8u11 CVE ID : CVE-2018-14629 CVE-2018-16851
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service. CVE-2018-16851 Garming Sam of the Samba Team and Catalyst discovered a NULL pointer dereference vulnerability in the Samba AD DC LDAP server allowing a user able to read more than 256MB of LDAP entries to crash the Samba AD DC's LDAP server. For Debian 8 "Jessie", these problems have been fixed in version 2:4.2.14+dfsg-0+deb8u11. We recommend that you upgrade your samba packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlwU1JUACgkQnUbEiOQ2 gwLibw//ShDYbgo91SJUABxsdui88iTr0tUlQ0GrU4HaUy4jgUOzu15MTNfUQyF6 bD4plPOxzY0hR2mulDKr/yrRWPv23o+SNBu2TBAZu2J+Z2SAuuL94T8mKX0dOVpR Y14f5wemPhAKlghcHU/dNK9IZKwhuZdsurRoOra/g8vnX2igUmg2GDBUjs1pLirW Rk8QI6RHT+bIovXLAKHGLP9Tcv2RsZCVKh3Ftc+lAlWWkM9yV/5STsyi06On3e8k 1M9akanoO19IJfy3vnbqnU1XKg5yqXILJKQVR19wYdcpYtY1FAmvMHU7+3O6VyMZ pmrRZ1Gh1gv0tsFG4lLnvAHaP3YrjjWfUZXZcFo9IZg9u26cUyyHs+txX6kRcEj4 ztmREltbNJ1QoI+BQ11tWIAXhYfNNEF/h/PkWId47h2jmL7/B5egmOSTdJuP6AUv CAKlWY7hGpJteIUZUSWCljcWS7Dt41VGUkj85q+jpq4E/fy1DjmQDmTajILCt7dH JE9Q5iW25lOWju/xP3XfZYfo2bZWFI9TPylu6irmc+BQkWHPW/PgoGxlH1zHR6Gg tTkbZ82Ms/jg2BMJNytxCud+X+aw3BthYMaLqzBjfAvgwchGqsk5T6Js57YTCp4i swoEGcxZQrGpWupxU2OMeIMyr/KUm4tFyngmYRHyBrptCRG3whQ= =pn0a -----END PGP SIGNATURE-----