Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 706144 (CVE-2019-14902, CVE-2019-14907, CVE-2019-19344) - <net-fs/samba-{4.9.18, 4.10.12, 4.11.5}: multiple vulnerabilities (CVE-2019-{14902,14907,19344}
Summary: <net-fs/samba-{4.9.18, 4.10.12, 4.11.5}: multiple vulnerabilities (CVE-2019-{...
Status: RESOLVED FIXED
Alias: CVE-2019-14902, CVE-2019-14907, CVE-2019-19344
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-23 08:18 UTC by Frank Krömmelbein
Modified: 2020-03-25 16:37 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Frank Krömmelbein 2020-01-23 08:18:41 UTC
CVE-2019-14902 - Replication of ACLs set to inherit down a subtree on AD Directory not automatic). ( https://nvd.nist.gov/vuln/detail/CVE-2019-14902 )
CVE-2019-14907 - Crash after failed character conversion at log level 3 or above. ( https://nvd.nist.gov/vuln/detail/CVE-2019-14907 )
CVE-2019-19344 - Use after free during DNS zone scavenging in Samba AD DC. ( https://nvd.nist.gov/vuln/detail/CVE-2019-19344 )

Reproducible: Always
Comment 1 Sam James (sec padawan) 2020-03-18 21:12:58 UTC
@maintainer(s), can we cleanup here?
Comment 2 Thomas Deutschmann gentoo-dev Security 2020-03-25 16:14:05 UTC
Added to an existing GLSA.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2020-03-25 16:37:25 UTC
This issue was resolved and addressed in
 GLSA 202003-52 at https://security.gentoo.org/glsa/202003-52
by GLSA coordinator Thomas Deutschmann (whissi).