Bug 706144 (CVE-2019-14902, CVE-2019-14907, CVE-2019-19344)

Summary: <net-fs/samba-{4.9.18, 4.10.12, 4.11.5}: multiple vulnerabilities (CVE-2019-{14902,14907,19344})
Product: Gentoo Security
Reporter: Frank Krömmelbein <kroemmelbein>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: hydrapolic, samba
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [glsa+ cve]
Package list:
Runtime testing required: ---

Description Frank Krömmelbein 2020-01-23 08:18:41 UTC
CVE-2019-14902 - Replication of ACLs set to inherit down a subtree on AD Directory not automatic. (https://nvd.nist.gov/vuln/detail/CVE-2019-14902)
CVE-2019-14907 - Crash after failed character conversion at log level 3 or above. (https://nvd.nist.gov/vuln/detail/CVE-2019-14907)
CVE-2019-19344 - Use after free during DNS zone scavenging in Samba AD DC. (https://nvd.nist.gov/vuln/detail/CVE-2019-19344)

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-18 21:12:58 UTC
@maintainer(s), can we clean up here?
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 16:14:05 UTC
Added to an existing GLSA.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2020-03-25 16:37:25 UTC
This issue was resolved and addressed in
 GLSA 202003-52 at https://security.gentoo.org/glsa/202003-52
by GLSA coordinator Thomas Deutschmann (whissi).