<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba 4.10.15 - Release Notes</title>
<H2>Samba 4.10.15 Available for Download</H2>
<a href="https://download.samba.org/pub/samba/stable/samba-4.10.15.tar.gz">Samba 4.10.15 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.10.15.tar.asc">Signature</a>
<a href="https://download.samba.org/pub/samba/patches/samba-4.10.14-4.10.15.diffs.gz">Patch (gzipped) against Samba 4.10.14</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.10.14-4.10.15.diffs.asc">Signature</a>
===============================
Release Notes for Samba 4.10.15
===============================

This is a security release in order to address the following defects:

o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC

A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server.

A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV.

For more details, please refer to the security advisories.

o Andrew Bartlett <abartlet@samba.org>
* BUG 14331: CVE-2020-10700: Fix use-after-free in AD DC LDAP server when
ASQ and paged_results combined.

o Gary Lockyer <gary@catalyst.net.nz>
* BUG 20454: CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in