mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
WHATSNEW: Add release notes for Samba 4.14.1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
This commit is contained in:
Karolin Seeger
parent
2d82f0e1b8
commit
94b42a3a39
64
WHATSNEW.txt
64
WHATSNEW.txt
@ -1,3 +1,67 @@
|
||||
==============================
|
||||
Release Notes for Samba 4.14.1
|
||||
March 24, 2021
|
||||
==============================
|
||||
|
||||
|
||||
This is a security release in order to address the following defects:
|
||||
|
||||
o CVE-2020-27840: Heap corruption via crafted DN strings.
|
||||
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
|
||||
|
||||
|
||||
=======
|
||||
Details
|
||||
=======
|
||||
|
||||
o CVE-2020-27840:
|
||||
An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
|
||||
crafted DNs as part of a bind request. More serious heap corruption is likely
|
||||
also possible.
|
||||
|
||||
o CVE-2021-20277:
|
||||
User-controlled LDAP filter strings against the AD DC LDAP server may crash
|
||||
the LDAP server.
|
||||
|
||||
For more details, please refer to the security advisories.
|
||||
|
||||
|
||||
Changes since 4.14.0
|
||||
--------------------
|
||||
|
||||
o Andrew Bartlett <abartlet@samba.org>
|
||||
* BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
|
||||
|
||||
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
* BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
|
||||
bad DNs.
|
||||
* BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
|
||||
|
||||
|
||||
#######################################
|
||||
Reporting bugs & Development Discussion
|
||||
#######################################
|
||||
|
||||
Please discuss this release on the samba-technical mailing list or by
|
||||
joining the #samba-technical IRC channel on irc.freenode.net.
|
||||
|
||||
If you do report problems then please try to send high quality
|
||||
feedback. If you don't provide vital information to help us track down
|
||||
the problem then you will probably be ignored. All bug reports should
|
||||
be filed under the Samba 4.1 and newer product in the project's Bugzilla
|
||||
database (https://bugzilla.samba.org/).
|
||||
|
||||
|
||||
======================================================================
|
||||
== Our Code, Our Bugs, Our Responsibility.
|
||||
== The Samba Team
|
||||
======================================================================
|
||||
|
||||
|
||||
Release notes for older releases follow:
|
||||
----------------------------------------
|
||||
|
||||
|
||||
==============================
|
||||
Release Notes for Samba 4.14.0
|
||||
March 09, 2021
|
||||
|
||||
Loading…
Reference in New Issue
Block a user