Samba release security update – 27th Nov 2018

Preface: Samba is an implementation of the Server Message Block (SMB)/Common Internet File System (CIFS) protocol for Unix systems, providing support for cross-platform file and printer sharing with Microsoft Windows, OS X, and other Unix.

Vulnerabilities highlights:
Double free error is caused by freeing same memory location twice by calling free() on the same allocated memory. A NULL pointer dereference is a sub type of an error causing a segmentation fault. It occurs when a program attempts to read or write to memory with a NULL pointer. This design limitation was happen in a lot of software application. Found above vulnerabilities occurs in Samba server. For more details, please refer below:

Unprivileged adding of CNAME record causing loop in AD Internal DNS server :

Double-free in Samba AD DC KDC with PKINIT

NULL pointer de-reference in Samba AD DC LDAP server

NULL pointer de-reference in Samba AD DC DNS servers

Samba AD DC S4U2Self Crash in experimental MIT Kerberos configuration (unsupported)

Bad password count in AD DC not always effective