All versions of Samba from 4.0.0 onwards are vulnerable infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue.
Acknowledgments: Name: Andrew Bartlett (Catalyst and Samba Team) Upstream: Florian Stülpner (HiperScan)
Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=13600
Statement: Samba 4 packages distributed with Red Hat Enterprise Linux are built without the AD DC functionality, where this flaw is present. These packages are not affected by this vulnerability.
External Reference: https://www.samba.org/samba/security/CVE-2018-14629.html
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1654078]