Samba 4.10.15 (gzipped)
Signature
Patch (gzipped) against Samba 4.10.14
Signature
=============================== Release Notes for Samba 4.10.15 April 28, 2020 =============================== This is a security release in order to address the following defects: o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC ======= Details ======= o CVE-2020-10700: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server. o CVE-2020-10704: A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV. For more details, please refer to the security advisories. Changes since 4.10.14 --------------------- o Andrew Bartlett <abartlet@samba.org> * BUG 14331: CVE-2020-10700: Fix use-after-free in AD DC LDAP server when ASQ and paged_results combined. o Gary Lockyer <gary@catalyst.net.nz> * BUG 20454: CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in Samba AD DC.