[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Wed Mar 24 11:48:41 UTC 2021


The branch, master has been updated
       via  4e1e3f6 NEWS[4.14.1]: Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases
      from  837ed7a update ml etiquette

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4e1e3f656288f06f197d83cbefe74920d544739b
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Mar 23 09:32:25 2021 +0100

    NEWS[4.14.1]: Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |  6 ++
 history/samba-4.12.13.html                       | 62 ++++++++++++++++
 history/samba-4.12.14.html                       | 59 +++++++++++++++
 history/samba-4.13.6.html                        | 62 ++++++++++++++++
 history/samba-4.13.7.html                        | 59 +++++++++++++++
 history/samba-4.14.1.html                        | 62 ++++++++++++++++
 history/samba-4.14.2.html                        | 59 +++++++++++++++
 history/security.html                            | 20 +++++
 posted_news/20210324-085952.4.14.1.body.html     | 83 +++++++++++++++++++++
 posted_news/20210324-085952.4.14.1.headline.html |  4 +
 security/CVE-2020-27840.html                     | 93 ++++++++++++++++++++++++
 security/CVE-2021-20277.html                     | 86 ++++++++++++++++++++++
 12 files changed, 655 insertions(+)
 create mode 100644 history/samba-4.12.13.html
 create mode 100644 history/samba-4.12.14.html
 create mode 100644 history/samba-4.13.6.html
 create mode 100644 history/samba-4.13.7.html
 create mode 100644 history/samba-4.14.1.html
 create mode 100644 history/samba-4.14.2.html
 create mode 100644 posted_news/20210324-085952.4.14.1.body.html
 create mode 100644 posted_news/20210324-085952.4.14.1.headline.html
 create mode 100644 security/CVE-2020-27840.html
 create mode 100644 security/CVE-2021-20277.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index f079984..81d04cf 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,13 +9,19 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.14.2.html">samba-4.14.2</a></li>
+			<li><a href="samba-4.14.1.html">samba-4.14.1</a></li>
 			<li><a href="samba-4.14.0.html">samba-4.14.0</a></li>
+			<li><a href="samba-4.13.7.html">samba-4.13.7</a></li>
+			<li><a href="samba-4.13.6.html">samba-4.13.6</a></li>
 			<li><a href="samba-4.13.5.html">samba-4.13.5</a></li>
 			<li><a href="samba-4.13.4.html">samba-4.13.4</a></li>
 			<li><a href="samba-4.13.3.html">samba-4.13.3</a></li>
 			<li><a href="samba-4.13.2.html">samba-4.13.2</a></li>
 			<li><a href="samba-4.13.1.html">samba-4.13.1</a></li>
 			<li><a href="samba-4.13.0.html">samba-4.13.0</a></li>
+			<li><a href="samba-4.12.14.html">samba-4.12.14</a></li>
+			<li><a href="samba-4.12.13.html">samba-4.12.13</a></li>
 			<li><a href="samba-4.12.12.html">samba-4.12.12</a></li>
 			<li><a href="samba-4.12.11.html">samba-4.12.11</a></li>
 			<li><a href="samba-4.12.10.html">samba-4.12.10</a></li>
diff --git a/history/samba-4.12.13.html b/history/samba-4.12.13.html
new file mode 100644
index 0000000..454a204
--- /dev/null
+++ b/history/samba-4.12.13.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.12.13 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.12.13 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.13.tar.gz">Samba 4.12.13 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.13.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.12-4.12.13.diffs.gz">Patch (gzipped) against Samba 4.12.12</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.12-4.12.13.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.12.13
+                           March 24, 2021
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-27840: Heap corruption via crafted DN strings.
+o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-27840:
+   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
+   crafted DNs as part of a bind request. More serious heap corruption is likely
+   also possible.
+
+o  CVE-2021-20277:
+   User-controlled LDAP filter strings against the AD DC LDAP server may crash
+   the LDAP server.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.12.12
+---------------------
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
+     bad DNs.
+   * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
+
+
+</pre>
+</p>
+</body>
+</html>
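Review bot: In the "Changes since 4.12.12" block the author addresses are written with raw angle brackets inside the <pre> (for example "o  Andrew Bartlett <abartlet at samba.org>"), so an HTML parser reads <abartlet at samba.org> as a start tag and the address does not render. Escape them as &lt;abartlet at samba.org&gt;, and likewise on the Douglas Bagnall line. Separately, the <pre> sits inside a <p>, which the declared XHTML 1.0 Transitional doctype does not allow; dropping the wrapping <p> and </p> around the <pre> fixes that.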
diff --git a/history/samba-4.12.14.html b/history/samba-4.12.14.html
new file mode 100644
index 0000000..e8334c6
--- /dev/null
+++ b/history/samba-4.12.14.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.12.14 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.12.14 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.14.tar.gz">Samba 4.12.14 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.14.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.13-4.12.14.diffs.gz">Patch (gzipped) against Samba 4.12.13</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.13-4.12.14.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.12.14
+                           March 24, 2021
+                   ===============================
+
+
+This is a follow-up release to depend on the correct ldb version. This is only
+needed when building against a system ldb library.
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-27840: Heap corruption via crafted DN strings.
+o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-27840:
+   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
+   crafted DNs as part of a bind request. More serious heap corruption is likely
+   also possible.
+
+o  CVE-2021-20277:
+   User-controlled LDAP filter strings against the AD DC LDAP server may crash
+   the LDAP server.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.12.13
+---------------------
+
+o  Release with dependency on ldb version 2.1.5.
+
+
+</pre>
+</p>
+</body>
+</html>
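Review bot: The opening paragraph ("This is a follow-up release to depend on the correct ldb version. This is only needed when building against a system ldb library.") reads as if 4.12.14 were optional for most users, while the news item in this same commit says to ignore 4.12.13 and only use 4.12.14. Suggest rewording the intro so that it names 4.12.14 as the release to install and says that the only change relative to 4.12.13 is the dependency on ldb 2.1.5.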
diff --git a/history/samba-4.13.6.html b/history/samba-4.13.6.html
new file mode 100644
index 0000000..9f98301
--- /dev/null
+++ b/history/samba-4.13.6.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.13.6 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.13.6 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.6.tar.gz">Samba 4.13.6 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.6.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.5-4.13.6.diffs.gz">Patch (gzipped) against Samba 4.13.5</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.5-4.13.6.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.13.6
+                           March 24, 2021
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-27840: Heap corruption via crafted DN strings.
+o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-27840:
+   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
+   crafted DNs as part of a bind request. More serious heap corruption is likely
+   also possible.
+
+o  CVE-2021-20277:
+   User-controlled LDAP filter strings against the AD DC LDAP server may crash
+   the LDAP server.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.13.5
+--------------------
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
+     bad DNs.
+   * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
+
+
+</pre>
+</p>
+</body>
+</html>
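Review bot: The headline "Samba 4.13.6 Available for Download" and the download links carry no hint that this release is superseded, although the news item added by this commit asks readers to ignore 4.13.6 and use 4.13.7. A one-line notice at the top of the <pre> pointing to samba-4.13.7.html would keep people who arrive from the release-notes index from installing the release that 4.13.7 was issued to correct; the 4.12.13 and 4.14.1 pages need the same notice.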
diff --git a/history/samba-4.13.7.html b/history/samba-4.13.7.html
new file mode 100644
index 0000000..d2f8773
--- /dev/null
+++ b/history/samba-4.13.7.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.13.7 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.13.7 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.7.tar.gz">Samba 4.13.7 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.7.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.6-4.13.7.diffs.gz">Patch (gzipped) against Samba 4.13.6</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.6-4.13.7.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.13.7
+                           March 24, 2021
+                   ==============================
+
+
+This is a follow-up release to depend on the correct ldb version. This is only
+needed when building against a system ldb library.
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-27840: Heap corruption via crafted DN strings.
+o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-27840:
+   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
+   crafted DNs as part of a bind request. More serious heap corruption is likely
+   also possible.
+
+o  CVE-2021-20277:
+   User-controlled LDAP filter strings against the AD DC LDAP server may crash
+   the LDAP server.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.13.6
+--------------------
+
+o  Release with dependency on ldb version 2.2.1.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.14.1.html b/history/samba-4.14.1.html
new file mode 100644
index 0000000..2e9f58d
--- /dev/null
+++ b/history/samba-4.14.1.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.14.1 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.14.1 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.1.tar.gz">Samba 4.14.1 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.1.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.0-4.14.1.diffs.gz">Patch (gzipped) against Samba 4.14.0</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.0-4.14.1.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.14.1
+                           March 24, 2021
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-27840: Heap corruption via crafted DN strings.
+o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-27840:
+   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
+   crafted DNs as part of a bind request. More serious heap corruption is likely
+   also possible.
+
+o  CVE-2021-20277:
+   User-controlled LDAP filter strings against the AD DC LDAP server may crash
+   the LDAP server.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.14.0
+--------------------
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
+     bad DNs.
+   * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
+
+
+</pre>
+</p>
+</body>
+</html>
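Review bot: The "Signature" link next to the tarball points to samba-4.14.1.tar.asc while the download itself is samba-4.14.1.tar.gz, and nothing on this page says that the signature covers the uncompressed tarball; that is only stated in the news item ("The uncompressed Samba tarballs have been signed using GnuPG"). Suggest adding a sentence here telling readers to decompress the .tar.gz before verifying it against the .asc, together with the signing key ID given in the news item.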
diff --git a/history/samba-4.14.2.html b/history/samba-4.14.2.html
new file mode 100644
index 0000000..5cd752f
--- /dev/null
+++ b/history/samba-4.14.2.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.14.2 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.14.2 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.2.tar.gz">Samba 4.14.2 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.2.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.1-4.14.2.diffs.gz">Patch (gzipped) against Samba 4.14.1</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.1-4.14.2.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.14.2
+                           March 24, 2021
+                   ==============================
+
+
+This is a follow-up release to depend on the correct ldb version. This is only
+needed when building against a system ldb library.
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-27840: Heap corruption via crafted DN strings.
+o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-27840:
+   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
+   crafted DNs as part of a bind request. More serious heap corruption is likely
+   also possible.
+
+o  CVE-2021-20277:
+   User-controlled LDAP filter strings against the AD DC LDAP server may crash
+   the LDAP server.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.14.1
+--------------------
+
+o  Release with dependency on ldb version 2.3.0.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index b314df2..ee397c8 100755
--- a/history/security.html
+++ b/history/security.html
@@ -26,6 +26,26 @@ link to full release notes for each release.</p>
 	<td><em>Details</em></td>
       </tr>
 
+    <tr>
+	<td>24 Mar 2021</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.14.0-security-2021-03-24.patch">
+	patch for Samba 4.14.0</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.13.5-security-2021-03-24.patch">
+	patch for Samba 4.13.5</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.12.12-security-2021-03-24.patch">
+	patch for Samba 4.12.12</a><br />
+	</td>
+	<td>CVE-2020-27840 and CVE-2021-20277. Please see announcements for details.
+	</td>
+	<td>Please refer to the advisories.</td>
+	<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27840">CVE-2020-27840</a>,
+	<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277">CVE-2021-20277</a>.
+	</td>
+	<td><a href="/samba/security/CVE-2020-27840.html">Announcement</a>,
+	<a href="/samba/security/CVE-2021-20277.html">Announcement</a>.
+	</td>
+    </tr>
+
     <tr>
 	<td>29 Oct 2020</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.13.0-security-2020-10-29.patch">
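Review bot: The new row names only the patches against 4.14.0, 4.13.5 and 4.12.12, and the cell reading "Please refer to the advisories." gives no version information. Since the announcement in this commit says to skip 4.14.1, 4.13.6 and 4.12.13, it would help to state the fixed releases (4.14.2, 4.13.7 and 4.12.14) in this row, so that readers of the security table do not have to open both advisories to find out what to upgrade to.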
diff --git a/posted_news/20210324-085952.4.14.1.body.html b/posted_news/20210324-085952.4.14.1.body.html
new file mode 100644
index 0000000..0403ae1
--- /dev/null
+++ b/posted_news/20210324-085952.4.14.1.body.html
@@ -0,0 +1,83 @@
+<!-- BEGIN: posted_news/20210324-085952.4.14.1.body.html -->
+<h5><a name="4.14.1">24 March 2021</a></h5>
+<p class=headline>Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13)
+Security Releases</p>
+<p>
+These are security releases in order to address <a
+href="/samba/security/CVE-2020-27840.html">CVE-2020-27840</a>
+(Heap corruption via crafted DN strings) and <a
+href="/samba/security/CVE-2021-20277.html">CVE-2021-20277</a> (Out of bounds
+read in AD DC LDAP server).
+</p>
+
+<p>
+Please ignore the 4.14.1, 4.13.6 and 4.12.13 releases
+and only use 4.14.2, 4.13.7 and 4.12.14.
+</p>
+
+<p>
+If you are building/using ldb from a system library, you'll
+also need the related updated ldb tarball, otherwise you can ignore it.
+</p>
+
+<p>
+The uncompressed Samba tarballs have been signed using GnuPG (ID AA99442FB680B620).
+</p>
+<p>
+The uncompressed ldb tarballs have been signed using GnuPG (ID 4793916113084025).
+</p>
+
+<p>
+The Samba 4.14.2 source code can be
+<a
+href="https://download.samba.org/pub/samba/stable/samba-4.14.2.tar.gz">downloaded
+here</a>.</br>
+Incremental patches for Samba are also available:
+<a
+href="https://download.samba.org/pub/samba/patches/samba-4.14.0-4.14.1.diffs.gz">patch
+from Samba 4.14.0 to 4.14.1</a> and 
+<a
+href="https://download.samba.org/pub/samba/patches/samba-4.14.1-4.14.2.diffs.gz">patch
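
Review bot: The signing keys are identified only by 64-bit key IDs ("ID AA99442FB680B620" and "ID 4793916113084025"); publishing the full fingerprints, or linking to the key files, would give readers something stronger to check a downloaded key against. Also, the line "here</a>.</br>" uses </br>, which is not a valid tag; use <br /> as in history/security.html. The unquoted attribute in <p class=headline> should be quoted as well if this fragment is meant to be XHTML like the release-notes pages.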


-- 
Samba Website Repository


