Samba 4.12.2 (gzipped)
Signature
Patch (gzipped) against Samba 4.12.1
Signature
==============================
Release Notes for Samba 4.12.2
April 28, 2020
==============================
This is a security release in order to address the following defects:
o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
=======
Details
=======
o CVE-2020-10700:
A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server.
o CVE-2020-10704:
A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV.
For more details, please refer to the security advisories.
Changes since 4.12.1
--------------------
o Andrew Bartlett <abartlet@samba.org>
* BUG 14331: CVE-2020-10700: Fix use-after-free in AD DC LDAP server when
ASQ and paged_results combined.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 20454: CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in
Samba AD DC.