PublicDateAtUSN: 2020-01-21
Candidate: CVE-2019-19344
CRD: 2020-01-21
PublicDate: 2020-01-21 18:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
 https://www.samba.org/samba/security/CVE-2019-19344.html
 https://ubuntu.com/security/notices/USN-4244-1
Description:
 There is a use-after-free issue in all samba 4.9.x versions before 4.9.18,
 all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions
 before 4.11.5, essentially due to a call to realloc() while other local
 variables still point at the original buffer.
Ubuntu-Description: 
Notes: 
 mdeslaur> 4.9 and later only
Mitigation: 
Bugs: 
 https://bugzilla.samba.org/show_bug.cgi?id=14050
Priority: medium
Discovered-by: Christian Naumer
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_samba:
upstream_samba: released (4.11.5,4.10.12)
precise/esm_samba: not-affected
trusty_samba: ignored (out of standard support)
trusty/esm_samba: not-affected
xenial_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.16.04.24)
esm-infra/xenial_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.16.04.24)
bionic_samba: not-affected (2:4.7.6+dfsg~ubuntu-0ubuntu2.14)
disco_samba: released (2:4.10.0+dfsg-0ubuntu2.8)
eoan_samba: released (2:4.10.7+dfsg-0ubuntu2.4)
devel_samba: released (2:4.11.5+dfsg-1ubuntu1)