Samba 4.13.6 (gzipped)
Signature
Patch (gzipped) against Samba 4.13.5
Signature
==============================
Release Notes for Samba 4.13.6
March 24, 2021
==============================

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.

=======
Details
=======

o CVE-2020-27840:
  An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
  crafted DNs as part of a bind request. More serious heap corruption is likely
  also possible.

o CVE-2021-20277:
  User-controlled LDAP filter strings against the AD DC LDAP server may crash
  the LDAP server.

For more details, please refer to the security advisories.

Changes since 4.13.5
--------------------

o Andrew Bartlett <abartlet@samba.org>
  * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.

o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
    bad DNs.
  * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.