team: Add employer for Christof

[samba-web.git] / history / samba-4.10.15.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Samba 4.10.15 - Release Notes</title>
</head>
<body>
<H2>Samba 4.10.15 Available for Download</H2>
<p>
<a href="https://download.samba.org/pub/samba/stable/samba-4.10.15.tar.gz">Samba 4.10.15 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.10.15.tar.asc">Signature</a>
</p>
<p>
<a href="https://download.samba.org/pub/samba/patches/samba-4.10.14-4.10.15.diffs.gz">Patch (gzipped) against Samba 4.10.14</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.10.14-4.10.15.diffs.asc">Signature</a>
</p>
<p>
<pre>
                   ===============================
                   Release Notes for Samba 4.10.15
                           April 28, 2020
                   ===============================


This is a security release in order to address the following defects:

o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ 
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC


=======
Details
=======

o  CVE-2020-10700:
   A client combining the &apos;ASQ&apos; and &apos;Paged Results&apos; LDAP controls can cause a
   use-after-free in Samba&apos;s AD DC LDAP server.
o  CVE-2020-10704:
   A deeply nested filter in an un-authenticated LDAP search can exhaust the
   LDAP server&apos;s stack memory causing a SIGSEGV.

For more details, please refer to the security advisories.


Changes since 4.10.14
---------------------

o  Andrew Bartlett &lt;abartlet@samba.org&gt;
   * BUG 14331: CVE-2020-10700: Fix use-after-free in AD DC LDAP server when
     ASQ and paged_results combined.

o  Gary Lockyer &lt;gary@catalyst.net.nz&gt;
   * BUG 20454: CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in
     Samba AD DC.


</pre>
</p>
</body>
</html>