Samba has released software updates for three security vulnerabilities that impact Samba products. A remote attacker could take advantage of these bugs and exploit unpatched systems.
Samba software is used for file and print services for all clients using the SMB/CIFS protocol. In addition, Samba is used to seamlessly integrate Linux/Unix systems into Windows Active Directory environments.
The latest Samba security releases 4.11.5, 4.10.12 and 4.9.18 each address three vulnerabilities (CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344).
All three are rated moderate and summarized below:
- CVE-2019-14902: https://www.samba.org/samba/security/CVE-2019-14902.html
- CVE-2019-14907: Crash after failed character conversion at log level 3 or above
- CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC
Systems administrators should apply the necessary updates as soon as possible.
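As an added example (not from the Samba project or the original advisory), the following Python sketch triages a host against the fixed releases listed above and flags the log level condition named for CVE-2019-14907. The function names are hypothetical, and it assumes the version string (for example from `smbd --version`) and the contents of `smb.conf` are passed in as text; the sample inputs are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_PATCH = {(4, 11): 5, (4, 10): 12, (4, 9): 18}

def patch_status(version_text):
    """Classify a Samba version string against the advisory's fixed releases."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        return "unparsed"
    major, minor, patch = map(int, m.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "branch-not-listed"  # the advisory names no fix for this branch
    return "patched" if patch >= fixed else "needs-update"

def max_log_level(smb_conf_text):
    """Highest level on any 'log level' line, counting per-class overrides."""
    highest = 0  # smb.conf default when the parameter is unset
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):
            continue  # skip commented-out settings
        m = re.match(r"log\s*level\s*=\s*(.+)", line, re.IGNORECASE)
        if not m:
            continue
        for token in m.group(1).split():
            level = token.split("@")[0].split(":")[-1]  # "auth:5" -> "5"
            if level.isdigit():
                highest = max(highest, int(level))
    return highest

def assess(version_text, smb_conf_text):
    """Combine both checks into one triage record for a host."""
    status = patch_status(version_text)
    level = max_log_level(smb_conf_text)
    return {
        "status": status,
        "max_log_level": level,
        # CVE-2019-14907 is described as a crash at log level 3 or above.
        "cve_2019_14907_log_condition": status == "needs-update" and level >= 3,
    }

# Constructed sample inputs, not taken from a real host.
SAMPLE_VERSION = "Version 4.11.4"
SAMPLE_CONF = "[global]\n  workgroup = EXAMPLE\n  # log level = 10\n  log level = 1 auth:5\n"

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONF))
```

A log level set on the daemon's command line is not visible in `smb.conf`, so treat the reported level as a lower bound.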