svn commit: r524234 - head/security/vuxml
Timur I. Bakeyev
timur at FreeBSD.org
Mon Jan 27 01:38:11 UTC 2020
Author: timur
Date: Mon Jan 27 01:38:10 2020
New Revision: 524234
URL: https://svnweb.freebsd.org/changeset/ports/524234
Log:
Add an entry about CVE-2019-14902, CVE-2019-14907, CVE-2019-19344 vulnerabilities in the Samba 4.1[01] versions.
Security: CVE-2019-14902
CVE-2019-14907
CVE-2019-19344
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Jan 26 21:45:11 2020 (r524233)
+++ head/security/vuxml/vuln.xml Mon Jan 27 01:38:10 2020 (r524234)
@@ -58,6 +58,47 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="5f0dd349-40a2-11ea-8d8c-005056a311d1">
+ <topic>samba -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>samba410</name>
+ <range><lt>4.10.12</lt></range>
+ </package>
+ <package>
+ <name>samba411</name>
+ <range><lt>4.11.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Samba Team reports:</p>
+ <blockquote cite="https://www.samba.org/samba/history/samba-4.10.12.html">
+ <p>CVE-2019-14902</p>
+ <p>The implementation of ACL inheritance in the Samba AD DC was not complete,
+ and so absent a 'full-sync' replication, ACLs could get out of sync between
+ domain controllers.</p>
+ <p>CVE-2019-14907</p>
+ <p>When processing untrusted string input Samba can read past the end of the
+ allocated buffer when printing a "Conversion error" message to the logs.</p>
+ <p>CVE-2019-19344</p>
+ <p>During DNS zone scavenging (of expired dynamic entries) there is a read of
+ memory after it has been freed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.samba.org/samba/history/samba-4.10.12.html</url>
+ <cvename>CVE-2019-14902</cvename>
+ <cvename>CVE-2019-14907</cvename>
+ <cvename>CVE-2019-19344</cvename>
+ </references>
+ <dates>
+ <discovery>2020-01-14</discovery>
+ <entry>2020-01-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="dc8cff4c-4063-11ea-8a94-3497f6939fdd">
<topic>webkit-gtk3 -- Multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list