diff options
| author | Karolin Seeger <kseeger@samba.org> | 2021-03-23 11:10:55 +0100 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2021-03-23 11:10:55 +0100 |
| commit | 48b89864efa1176703774c54e1fb220f9827e934 (patch) | |
| tree | b431db29909ee7dd1183e37d379a979599193ec4 | |
| parent | 4d40e9ce9c7c36d8cd07cc79440811f97428bb80 (diff) | |
| download | samba-48b89864efa1176703774c54e1fb220f9827e934.tar.gz | |
WHATSNEW: Add release notes for Samba 4.12.13.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
| -rw-r--r-- | WHATSNEW.txt | 67 |
1 files changed, 65 insertions, 2 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 4b522a6b74d..54ba3298981 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,68 @@ =============================== + Release Notes for Samba 4.12.13 + March 24, 2021 + =============================== + + +This is a security release in order to address the following defects: + +o CVE-2020-27840: Heap corruption via crafted DN strings. +o CVE-2021-20277: Out of bounds read in AD DC LDAP server. + + +======= +Details +======= + +o CVE-2020-27840: + An anonymous attacker can crash the Samba AD DC LDAP server by sending easily + crafted DNs as part of a bind request. More serious heap corruption is likely + also possible. + +o CVE-2021-20277: + User-controlled LDAP filter strings against the AD DC LDAP server may crash + the LDAP server. + +For more details, please refer to the security advisories. + + +Changes since 4.12.11 +--------------------- + +o Andrew Bartlett <abartlet@samba.org> + * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold. + +o Douglas Bagnall <douglas.bagnall@catalyst.net.nz> + * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via + bad DNs. + * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + + =============================== Release Notes for Samba 4.12.12 March 11, 2021 =============================== @@ -67,8 +131,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- =============================== |