Errata overview
Errata ID 645
Date 2020-07-02
Source package samba
Fixed in version 2:4.10.1-1A~4.4.0.202006301635
Description
This update addresses the following issues:
* A client combining the 'ASQ' and 'VLV' LDAP
  controls can cause a NULL pointer dereference, and
  further combinations with the LDAP paged_results
  feature can cause a use-after-free in Samba's AD DC
  LDAP server. (CVE-2020-10730)
* Compression of replies to NetBIOS over TCP/IP
  name resolution and DNS packets (which can be
  supplied as UDP requests) can be abused to
  consume excessive amounts of CPU on the Samba
  AD DC (only). (CVE-2020-10745)
* The use of the paged_results or VLV controls against
  the Global Catalog LDAP server on the AD DC will cause
  a use-after-free. (CVE-2020-10760)
* The AD DC NBT server in Samba 4.0 will enter a
  CPU spin and not process further requests
  once it receives an empty (zero-length) UDP
  packet to port 137. (CVE-2020-14303)
Additional notes
CVE ID CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
UCS Bug number #51532