"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "WHATSNEW.txt" between
samba-4.12.3.tar.gz and samba-4.12.5.tar.gz

About: Samba is the standard Windows interoperability suite of programs for Linux and Unix providing secure, stable and fast file and print services for all clients using the SMB/CIFS protocol. 4.12 series.

WHATSNEW.txt  (samba-4.12.3):WHATSNEW.txt  (samba-4.12.5)
============================== ==============================
Release Notes for Samba 4.12.5
July 02, 2020
==============================
This is the latest stable release of the Samba 4.12 release series.
Changes since 4.12.4
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 14301: Fix smbd panic on force-close share during async io.
* BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
folder that contains incorrect symbols in any file name.
* BUG 14391: Fix DFS links.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14310: Can't use DNS functionality after a Windows DC has been in
domain.
o Alexander Bokovoy <ab@samba.org>
* BUG 14413: ldapi search to FreeIPA crashes.
o Isaac Boukris <iboukris@gmail.com>
* BUG 14396: Add net-ads-join dnshostname=fqdn option.
* BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.
o Björn Jacke <bj@sernet.de>
* BUG 14386: docs-xml: Update list of posible VFS operations for
vfs_full_audit.
o Volker Lendecke <vl@samba.org>
* BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
o Andreas Schneider <asn@samba.org>
* BUG 14370: Client tools are not able to read gencache anymore.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
Release notes for older releases follow:
----------------------------------------
==============================
Release Notes for Samba 4.12.4
July 02, 2020
==============================
This is a security release in order to address the following defects:
o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
LDAP Server with ASQ, VLV and paged_results.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
=======
Details
=======
o CVE-2020-10730:
A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
de-reference and further combinations with the LDAP paged_results feature can
give a use-after-free in Samba's AD DC LDAP server.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU.
o CVE-2020-10760:
The use of the paged_results or VLV controls against the Global Catalog LDAP
server on the AD DC will cause a use-after-free.
o CVE-2020-14303:
The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
further requests once it receives an empty (zero-length) UDP packet to
port 137.
For more details, please refer to the security advisories.
Changes since 4.12.3
--------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
several seconds of CPU each.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined.
* BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV.
* BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
AD DC nbt_server.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined, ldb: Bump version to 2.1.4.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
==============================
Release Notes for Samba 4.12.3 Release Notes for Samba 4.12.3
May 19, 2020 May 19, 2020
============================== ==============================
This is the latest stable release of the Samba 4.12 release series. This is the latest stable release of the Samba 4.12 release series.
Changes since 4.12.2 Changes since 4.12.2
-------------------- --------------------
o Jeremy Allison <jra@samba.org> o Jeremy Allison <jra@samba.org>
skipping to change at line 78 skipping to change at line 213
feedback. If you don't provide vital information to help us track down feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/). database (https://bugzilla.samba.org/).
====================================================================== ======================================================================
== Our Code, Our Bugs, Our Responsibility. == Our Code, Our Bugs, Our Responsibility.
== The Samba Team == The Samba Team
====================================================================== ======================================================================
Release notes for older releases follow: ----------------------------------------------------------------------
============================== ==============================
Release Notes for Samba 4.12.2 Release Notes for Samba 4.12.2
April 28, 2020 April 28, 2020
============================== ==============================
This is a security release in order to address the following defects: This is a security release in order to address the following defects:
o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
 End of changes. 2 change blocks. 
1 lines changed or deleted 136 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)