The SAMBA+ 4.14.2, 4.13.7 and 4.12.14 security releases have just been published. Samba packages for various SUSE and Red Hat platforms, as well as for Debian GNU/Linux and Ubuntu, are available now.
The following defects have been addressed:
- CVE-2020-27840: Heap corruption via crafted DN strings.
- CVE-2021-20277: Out of bounds read in AD DC LDAP server.
This is the first stable release of the SAMBA+ 4.14 release series. Please read the 4.14.2 release notes carefully before upgrading.
Samba 4.13 has been moved into maintenance mode and Samba 4.12 into security-fixes-only mode (there will be a last bugfix release tomorrow), and Samba 4.11 is no longer supported. For more details, please see Samba Release Planning.
SAMBA+ packages are available as a software subscription. They can be purchased at the SAMBA+ shop; detailed information and prices are listed at https://shop.samba.plus. Subscriptions are managed on our OPOSSO platform (https://oposso.samba.plus), where users can activate their subscriptions and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.