Samba 4.10.15 Available for Download

Samba 4.10.15 (gzipped)

Patch (gzipped) against Samba 4.10.14

                   Release Notes for Samba 4.10.15
                           April 28, 2020

This is a security release in order to address the following defects:

o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ 
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC


o  CVE-2020-10700:
   A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
   use-after-free in Samba's AD DC LDAP server.
o  CVE-2020-10704:
   A deeply nested filter in an un-authenticated LDAP search can exhaust the
   LDAP server's stack memory causing a SIGSEGV.

For more details, please refer to the security advisories.

Changes since 4.10.14

o  Andrew Bartlett <>
   * BUG 14331: CVE-2020-10700: Fix use-after-free in AD DC LDAP server when
     ASQ and paged_results combined.

o  Gary Lockyer <>
   * BUG 20454: CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in
     Samba AD DC.