1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
5 <title>Samba 4.14.2 - Release Notes</title>
8 <H2>Samba 4.14.2 Available for Download</H2>
10 <a href="https://download.samba.org/pub/samba/stable/samba-4.14.2.tar.gz">Samba 4.14.2 (gzipped)</a><br>
11 <a href="https://download.samba.org/pub/samba/stable/samba-4.14.2.tar.asc">Signature</a>
14 <a href="https://download.samba.org/pub/samba/patches/samba-4.14.1-4.14.2.diffs.gz">Patch (gzipped) against Samba 4.14.1</a><br>
15 <a href="https://download.samba.org/pub/samba/patches/samba-4.14.1-4.14.2.diffs.asc">Signature</a>
19 ==============================
20 Release Notes for Samba 4.14.2
22 ==============================
25 This is a follow-up release to depend on the correct ldb version. This is only
26 needed when building against a system ldb library.
28 This is a security release in order to address the following defects:
30 o CVE-2020-27840: Heap corruption via crafted DN strings.
31 o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
39 An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
40 crafted DNs as part of a bind request. More serious heap corruption is likely
44 User-controlled LDAP filter strings against the AD DC LDAP server may crash
47 For more details, please refer to the security advisories.
53 o Release with dependency on ldb version 2.3.0.