[Samba] [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases
L.P.H. van Belle
belle at bazuin.nl
Thu Mar 25 08:36:11 UTC 2021
Hai Joachim,
Packages will come online soon, all builders are running.
Building and, more importantly, testing them does cost time.
But they will come online today.
Greetz,
Louis
> -----Original message-----
> From: Joachim Lindenberg [mailto:samba at lindenberg.one]
> Sent: Wednesday, 24 March 2021 19:28
> To: 'L.P.H. van Belle'
> Subject: FW: [Samba] [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6)
> and 4.12.14 (4.12.13) Security Releases
>
> Hai Louis,
> I ran apt update & apt upgrade & samba -V
> and it still reports Version 4.12.12-Debian. Is there a delay because of a
> CDN? Or too busy with other stuff?
> Didn't check the one instance on 4.13, that is offline right now.
> Greetz,
> Joachim
>
> -----Original message-----
> From: samba <samba-bounces at lists.samba.org> On behalf of Karolin Seeger
> via samba
> Sent: Wednesday, 24 March 2021 13:02
> To: samba-announce at lists.samba.org; samba at lists.samba.org;
> samba-technical at lists.samba.org
> Subject: [Samba] [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and
> 4.12.14 (4.12.13) Security Releases
>
> Release Announcements
> ---------------------
>
> These are security releases in order to address the following defects:
>
> o CVE-2020-27840: Heap corruption via crafted DN strings.
> o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
>
>
> =======
> Details
> =======
>
> o CVE-2020-27840:
> An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
> crafted DNs as part of a bind request. More serious heap corruption is likely
> also possible.
>
> o CVE-2021-20277:
> User-controlled LDAP filter strings against the AD DC LDAP server may crash
> the LDAP server.
>
> For more details, please refer to the security advisories.
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality feedback.
> If you don't provide vital information to help us track down the problem
> then you will probably be ignored. All bug reports should be filed under
> the Samba 4.1 and newer product in the project's Bugzilla database
> (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
>
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed using GnuPG (ID
> AA99442FB680B620). The source code can be downloaded
> from:
>
> https://download.samba.org/pub/samba/stable/
>
> The release notes are available online at:
>
> https://www.samba.org/samba/history/samba-4.14.2.html
> https://www.samba.org/samba/history/samba-4.13.7.html
> https://www.samba.org/samba/history/samba-4.12.14.html
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
> --Enjoy
> The Samba Team