From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases
Date: Thu, 25 Mar 2021 17:50:53 +0000
Message-ID: <2F3E0F22-2BC3-44E5-9992-38DF2C34FC71@ipfire.org>
In-Reply-To: <43f64b58-f715-d78e-9755-07f1fb504718@ipfire.org>

Great! Thank you.

> On 25 Mar 2021, at 14:44, Adolf Belka wrote:
>
> Hi.
>
> I will pick it up.
>
> Adolf.
>
>
>
> On 25/03/2021 10:41, Michael Tremer wrote:
>> Is anyone up for grabbing this?
>>
>> We should not be affected by these security issues, but I do not see any reasons why we should not update - just in case.
>>
>> -Michael
>>
>>> Begin forwarded message:
>>>
>>> From: Karolin Seeger via samba-announce
>>> Subject: [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases
>>> Date: 24 March 2021 at 12:02:14 GMT
>>> To: samba-announce(a)lists.samba.org, samba(a)lists.samba.org, samba-technical(a)lists.samba.org
>>> Reply-To: kseeger(a)samba.org
>>>
>>> Release Announcements
>>> ---------------------
>>>
>>> These are security releases in order to address the following defects:
>>>
>>> o CVE-2020-27840: Heap corruption via crafted DN strings.
>>> o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
>>>
>>>
>>> =======
>>> Details
>>> =======
>>>
>>> o CVE-2020-27840:
>>>   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
>>>   crafted DNs as part of a bind request. More serious heap corruption is likely
>>>   also possible.
>>>
>>> o CVE-2021-20277:
>>>   User-controlled LDAP filter strings against the AD DC LDAP server may crash
>>>   the LDAP server.
>>>
>>> For more details, please refer to the security advisories.
>>>
>>>
>>> #######################################
>>> Reporting bugs & Development Discussion
>>> #######################################
>>>
>>> Please discuss this release on the samba-technical mailing list or by
>>> joining the #samba-technical IRC channel on irc.freenode.net.
>>>
>>> If you do report problems then please try to send high quality
>>> feedback. If you don't provide vital information to help us track down
>>> the problem then you will probably be ignored. All bug reports should
>>> be filed under the Samba 4.1 and newer product in the project's Bugzilla
>>> database (https://bugzilla.samba.org/).
>>>
>>>
>>> ======================================================================
>>> == Our Code, Our Bugs, Our Responsibility.
>>> == The Samba Team
>>> ======================================================================
>>>
>>>
>>>
>>> ================
>>> Download Details
>>> ================
>>>
>>> The uncompressed tarballs and patch files have been signed
>>> using GnuPG (ID AA99442FB680B620). The source code can be downloaded
>>> from:
>>>
>>> https://download.samba.org/pub/samba/stable/
>>>
>>> The release notes are available online at:
>>>
>>> https://www.samba.org/samba/history/samba-4.14.2.html
>>> https://www.samba.org/samba/history/samba-4.13.7.html
>>> https://www.samba.org/samba/history/samba-4.12.14.html
>>>
>>> Our Code, Our Bugs, Our Responsibility.
>>> (https://bugzilla.samba.org/)
>>>
>>> --Enjoy
>>> The Samba Team
>>
> --
> Sent from my laptop
>