Re: [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3201 bytes --]

Great! Thank you.

> On 25 Mar 2021, at 14:44, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi.
> 
> I will pick it up.
> 
> Adolf.
> 
> 
> 
> On 25/03/2021 10:41, Michael Tremer wrote:
>> Is anyone up for grabbing this?
>> 
>> We should not be affected by these security issues, but I do not see any reasons why we should not update - just in case.
>> 
>> -Michael
>> 
>>> Begin forwarded message:
>>> 
>>> From: Karolin Seeger via samba-announce <samba-announce(a)lists.samba.org>
>>> Subject: [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases
>>> Date: 24 March 2021 at 12:02:14 GMT
>>> To: samba-announce(a)lists.samba.org, samba(a)lists.samba.org, samba-technical(a)lists.samba.org
>>> Reply-To: kseeger(a)samba.org
>>> 
>>> Release Announcements
>>> ---------------------
>>> 
>>> These are security releases in order to address the following defects:
>>> 
>>> o CVE-2020-27840: Heap corruption via crafted DN strings.
>>> o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
>>> 
>>> 
>>> =======
>>> Details
>>> =======
>>> 
>>> o  CVE-2020-27840:
>>>   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
>>>   crafted DNs as part of a bind request. More serious heap corruption is likely
>>>   also possible.
>>> 
>>> o  CVE-2021-20277:
>>>   User-controlled LDAP filter strings against the AD DC LDAP server may crash
>>>   the LDAP server.
>>> 
>>> For more details, please refer to the security advisories.
>>> 
>>> 
>>> #######################################
>>> Reporting bugs & Development Discussion
>>> #######################################
>>> 
>>> Please discuss this release on the samba-technical mailing list or by
>>> joining the #samba-technical IRC channel on irc.freenode.net.
>>> 
>>> If you do report problems then please try to send high quality
>>> feedback. If you don't provide vital information to help us track down
>>> the problem then you will probably be ignored.  All bug reports should
>>> be filed under the Samba 4.1 and newer product in the project's Bugzilla
>>> database (https://bugzilla.samba.org/).
>>> 
>>> 
>>> ======================================================================
>>> == Our Code, Our Bugs, Our Responsibility.
>>> == The Samba Team
>>> ======================================================================
>>> 
>>> 
>>> 
>>> ================
>>> Download Details
>>> ================
>>> 
>>> The uncompressed tarballs and patch files have been signed
>>> using GnuPG (ID AA99442FB680B620).  The source code can be downloaded
>>> from:
>>> 
>>>        https://download.samba.org/pub/samba/stable/
>>> 
>>> The release notes are available online at:
>>> 
>>>        https://www.samba.org/samba/history/samba-4.14.2.html
>>>        https://www.samba.org/samba/history/samba-4.13.7.html
>>>        https://www.samba.org/samba/history/samba-4.12.14.html
>>> 
>>> Our Code, Our Bugs, Our Responsibility.
>>> (https://bugzilla.samba.org/)
>>> 
>>>                        --Enjoy
>>>                        The Samba Team
>> 
> -- 
> Sent from my laptop
>