[SECURITY] [DLA 1607-1] samba security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : samba
Version : 2:4.2.14+dfsg-0+deb8u11
CVE ID : CVE-2018-14629 CVE-2018-16851
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:
CVE-2018-14629
Florian Stuelpner discovered that Samba is vulnerable to
infinite query recursion caused by CNAME loops, resulting in
denial of service.
CVE-2018-16851
Garming Sam of the Samba Team and Catalyst discovered a NULL pointer
dereference vulnerability in the Samba AD DC LDAP server allowing a
user able to read more than 256MB of LDAP entries to crash the Samba
AD DC's LDAP server.
For Debian 8 "Jessie", these problems have been fixed in version
2:4.2.14+dfsg-0+deb8u11.
We recommend that you upgrade your samba packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlwU1JUACgkQnUbEiOQ2
gwLibw//ShDYbgo91SJUABxsdui88iTr0tUlQ0GrU4HaUy4jgUOzu15MTNfUQyF6
bD4plPOxzY0hR2mulDKr/yrRWPv23o+SNBu2TBAZu2J+Z2SAuuL94T8mKX0dOVpR
Y14f5wemPhAKlghcHU/dNK9IZKwhuZdsurRoOra/g8vnX2igUmg2GDBUjs1pLirW
Rk8QI6RHT+bIovXLAKHGLP9Tcv2RsZCVKh3Ftc+lAlWWkM9yV/5STsyi06On3e8k
1M9akanoO19IJfy3vnbqnU1XKg5yqXILJKQVR19wYdcpYtY1FAmvMHU7+3O6VyMZ
pmrRZ1Gh1gv0tsFG4lLnvAHaP3YrjjWfUZXZcFo9IZg9u26cUyyHs+txX6kRcEj4
ztmREltbNJ1QoI+BQ11tWIAXhYfNNEF/h/PkWId47h2jmL7/B5egmOSTdJuP6AUv
CAKlWY7hGpJteIUZUSWCljcWS7Dt41VGUkj85q+jpq4E/fy1DjmQDmTajILCt7dH
JE9Q5iW25lOWju/xP3XfZYfo2bZWFI9TPylu6irmc+BQkWHPW/PgoGxlH1zHR6Gg
tTkbZ82Ms/jg2BMJNytxCud+X+aw3BthYMaLqzBjfAvgwchGqsk5T6Js57YTCp4i
swoEGcxZQrGpWupxU2OMeIMyr/KUm4tFyngmYRHyBrptCRG3whQ=
=pn0a
-----END PGP SIGNATURE-----
Reply to: