<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba 4.12.13 - Release Notes</title>
<H2>Samba 4.12.13 Available for Download</H2>
<a href="https://download.samba.org/pub/samba/stable/samba-4.12.13.tar.gz">Samba 4.12.13 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.12.13.tar.asc">Signature</a>
<a href="https://download.samba.org/pub/samba/patches/samba-4.12.12-4.12.13.diffs.gz">Patch (gzipped) against Samba 4.12.12</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.12.12-4.12.13.diffs.asc">Signature</a>
===============================
Release Notes for Samba 4.12.13
===============================

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
crafted DNs as part of a bind request. More serious heap corruption is likely

User-controlled LDAP filter strings against the AD DC LDAP server may crash

For more details, please refer to the security advisories.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.

o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
* BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.