Samba 4.10.15 (gzipped)
Signature
Patch (gzipped) against Samba 4.10.14
Signature
===============================
Release Notes for Samba 4.10.15
April 28, 2020
===============================
This is a security release in order to address the following defects:
o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
=======
Details
=======
o CVE-2020-10700:
A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server.
o CVE-2020-10704:
A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV.
For more details, please refer to the security advisories.
Changes since 4.10.14
---------------------
o Andrew Bartlett <abartlet@samba.org>
* BUG 14331: CVE-2020-10700: Fix use-after-free in AD DC LDAP server when
ASQ and paged_results combined.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 20454: CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in
Samba AD DC.