Great! Thank you. > On 25 Mar 2021, at 14:44, Adolf Belka wrote: > > Hi. > > I will pick it up. > > Adolf. > > > > On 25/03/2021 10:41, Michael Tremer wrote: >> Is anyone up for grabbing this? >> >> We should not be affected by these security issues, but I do not see any reasons why we should not update - just in case. >> >> -Michael >> >>> Begin forwarded message: >>> >>> From: Karolin Seeger via samba-announce >>> Subject: [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases >>> Date: 24 March 2021 at 12:02:14 GMT >>> To: samba-announce(a)lists.samba.org, samba(a)lists.samba.org, samba-technical(a)lists.samba.org >>> Reply-To: kseeger(a)samba.org >>> >>> Release Announcements >>> --------------------- >>> >>> These are security releases in order to address the following defects: >>> >>> o CVE-2020-27840: Heap corruption via crafted DN strings. >>> o CVE-2021-20277: Out of bounds read in AD DC LDAP server. >>> >>> >>> ======= >>> Details >>> ======= >>> >>> o CVE-2020-27840: >>> An anonymous attacker can crash the Samba AD DC LDAP server by sending easily >>> crafted DNs as part of a bind request. More serious heap corruption is likely >>> also possible. >>> >>> o CVE-2021-20277: >>> User-controlled LDAP filter strings against the AD DC LDAP server may crash >>> the LDAP server. >>> >>> For more details, please refer to the security advisories. >>> >>> >>> ####################################### >>> Reporting bugs & Development Discussion >>> ####################################### >>> >>> Please discuss this release on the samba-technical mailing list or by >>> joining the #samba-technical IRC channel on irc.freenode.net. >>> >>> If you do report problems then please try to send high quality >>> feedback. If you don't provide vital information to help us track down >>> the problem then you will probably be ignored. All bug reports should >>> be filed under the Samba 4.1 and newer product in the project's Bugzilla >>> database (https://bugzilla.samba.org/). >>> >>> >>> ====================================================================== >>> == Our Code, Our Bugs, Our Responsibility. >>> == The Samba Team >>> ====================================================================== >>> >>> >>> >>> ================ >>> Download Details >>> ================ >>> >>> The uncompressed tarballs and patch files have been signed >>> using GnuPG (ID AA99442FB680B620). The source code can be downloaded >>> from: >>> >>> https://download.samba.org/pub/samba/stable/ >>> >>> The release notes are available online at: >>> >>> https://www.samba.org/samba/history/samba-4.14.2.html >>> https://www.samba.org/samba/history/samba-4.13.7.html >>> https://www.samba.org/samba/history/samba-4.12.14.html >>> >>> Our Code, Our Bugs, Our Responsibility. >>> (https://bugzilla.samba.org/) >>> >>> --Enjoy >>> The Samba Team >> > -- > Sent from my laptop >