Samba fixes 3 vulnerabilities

Samba has released software updates for three security vulnerabilities that impact Samba products. A remote attacker could take advantage of these bugs and exploit unpatched systems.

Samba software is used for file and print services for all clients using the SMB/CIFS protocol. In addition, Samba is used to seamlessly integrate Linux/Unix systems into Windows Active Directory environments.

The latest Samba security releases 4.11.5, 4.10.12 and 4.9.18 each address three vulnerabilities (CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344).

All three are rated moderate and summarized below:

  • CVE-2019-14902:
  • CVE-2019-14907: Crash after failed character conversion at log level 3 or above
  • CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.

Systems administrators should apply the necessary updates as soon as possible.