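A use-after-free flaw was found in the way the Samba AD DC LDAP server handles the 'Paged Results' control when it is combined with the 'ASQ' control. A malicious user in a Samba AD could use this flaw to cause a denial of service. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2. Note that the package versions listed below carry the upstream version 4.11.6 with a distribution revision suffix; if they are the patched builds, the fix was backported, so checking exposure by comparing against the upstream version numbers alone would misclassify them, and the installed package version should be compared against the distribution's listed version instead.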
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libwbclient-dev": "2:4.11.6+dfsg-0ubuntu1.1", "samba-libs": "2:4.11.6+dfsg-0ubuntu1.1", "registry-tools": "2:4.11.6+dfsg-0ubuntu1.1", "samba-common-bin": "2:4.11.6+dfsg-0ubuntu1.1", "libwbclient0-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "samba-dsdb-modules-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "libpam-winbind-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "libnss-winbind-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "python3-samba-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "winbind": "2:4.11.6+dfsg-0ubuntu1.1", "samba-vfs-modules": "2:4.11.6+dfsg-0ubuntu1.1", "samba-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "samba-common-bin-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "samba-testsuite": "2:4.11.6+dfsg-0ubuntu1.1", "smbclient-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "libsmbclient": "2:4.11.6+dfsg-0ubuntu1.1", "samba": "2:4.11.6+dfsg-0ubuntu1.1", "libsmbclient-dev": "2:4.11.6+dfsg-0ubuntu1.1", "libwbclient0": "2:4.11.6+dfsg-0ubuntu1.1", "samba-dsdb-modules": "2:4.11.6+dfsg-0ubuntu1.1", "python3-samba": "2:4.11.6+dfsg-0ubuntu1.1", "samba-vfs-modules-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "registry-tools-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "ctdb": "2:4.11.6+dfsg-0ubuntu1.1", "libnss-winbind": "2:4.11.6+dfsg-0ubuntu1.1", "libsmbclient-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "samba-libs-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "winbind-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "samba-testsuite-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1", "samba-common": "2:4.11.6+dfsg-0ubuntu1.1", "libpam-winbind": "2:4.11.6+dfsg-0ubuntu1.1", "smbclient": "2:4.11.6+dfsg-0ubuntu1.1", "samba-dev": "2:4.11.6+dfsg-0ubuntu1.1", "ctdb-dbgsym": "2:4.11.6+dfsg-0ubuntu1.1" } ] }