Security Releases available: SAMBA+ 4.12.4, 4.11.11 and 4.10.17

SAMBA+ 4.12.4, 4.11.11 and 4.10.17 packages have just been released by SerNet. These are important security releases; please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.

The packages address the following issues:

  • CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results.

    A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer de-reference and further combinations with the LDAP paged_results feature can give a use-after-free in Samba's AD DC LDAP server.

  • CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU.

    Compression of replies to NetBIOS over TCP/IP name resolution and DNS packets (which can be supplied as UDP requests) can be abused to consume excessive amounts of CPU. Only the Samba AD DC is affected.

  • CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV.

    The use of the paged_results or VLV controls against the Global Catalog LDAP server on the AD DC will cause a use-after-free.

  • CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.

    The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further requests once it receives an empty (zero-length) UDP packet to port 137.

SAMBA+ 4.12.5 packages will be available soon.

SAMBA+ packages and all later versions are available as a software subscription. Subscriptions can be purchased at the SAMBA+ shop; detailed information and prices are listed at https://shop.samba.plus. Subscriptions are managed on our platform OPOSSO (https://oposso.samba.plus), where users can activate their subscriptions and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.
