Samba 4.14.1 Available for Download

Samba 4.14.1 (gzipped)
Signature

Patch (gzipped) against Samba 4.14.0
Signature

                   ==============================
                   Release Notes for Samba 4.14.1
                           March 24, 2021
                   ==============================


This is a security release that addresses the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.


=======
Details
=======

o  CVE-2020-27840:
   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
   crafted DNs as part of a bind request. More serious heap corruption is likely
   also possible.

o  CVE-2021-20277:
   User-controlled LDAP filter strings against the AD DC LDAP server may crash
   the LDAP server.

For more details, please refer to the security advisories.


Changes since 4.14.0
--------------------

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
     bad DNs.
   * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.