Karolin Seeger
2020-Jul-02 08:42 UTC
[Announce] Samba 4.12.4, 4.11.11 and 4.10.17 Security Releases Available
Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results. o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV. o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd. ======Details ====== o CVE-2020-10730: A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer de-reference and further combinations with the LDAP paged_results feature can give a use-after-free in Samba's AD DC LDAP server. o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU. o CVE-2020-10760: The use of the paged_results or VLV controls against the Global Catalog LDAP server on the AD DC will cause a use-after-free. o CVE-2020-14303: The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further requests once it receives an empty (zero-length) UDP packet to port 137. For more details, please refer to the security advisories. Changes since 4.12.3 -------------------- o Douglas Bagnall <douglas.bagnall at catalyst.net.nz> * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use several seconds of CPU each. o Andrew Bartlett <abartlet at samba.org> * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined. * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV. * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to AD DC nbt_server. o Gary Lockyer <gary at catalyst.net.nz> * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined, ldb: Bump version to 2.1.4. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). ======================================================================= Our Code, Our Bugs, Our Responsibility. == The Samba Team ===================================================================== ===============Download Details =============== The uncompressed tarballs and patch files have been signed using GnuPG (ID 6F33915B6568B7EA). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.12.4.html https://www.samba.org/samba/history/samba-4.11.11.html https://www.samba.org/samba/history/samba-4.10.17.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba-announce/attachments/20200702/6e4a4115/signature.sig>
Seemingly Similar Threads
- [Announce] Samba 4.12.4, 4.11.11 and 4.10.17 Security Releases Available
- Samba4 KDC - no such entry found in hdb
- Is possible to use samba4 and openldap without ldapi?
- [Announce] Samba 4.12.2, 4.11.8 and 4.10.15 Security Releases Available
- [Announce] Samba 4.12.2, 4.11.8 and 4.10.15 Security Releases Available