===============================
Release Notes for Samba 4.12.13
March 24, 2021
===============================
This is a security release in order to address the following defects:
o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
=======
Details
=======
o CVE-2020-27840:
  An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
  crafted DNs as part of a bind request. More serious heap corruption is likely
  also possible.

o CVE-2021-20277:
  User-controlled LDAP filter strings against the AD DC LDAP server may crash
  the LDAP server.

For more details, please refer to the security advisories.

Changes since 4.12.12
---------------------
o Andrew Bartlett <abartlet@samba.org>
* BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
  bad DNs.
* BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.