Corrective releases of the Samba package, 4.14.2, 4.13.7 and 4.12.14, have been prepared, fixing two vulnerabilities:
- CVE-2020-27840 is a buffer overflow that occurs when processing specially crafted Distinguished Names (DNs). An anonymous attacker can crash the Samba AD DC LDAP server by sending a specially crafted bind request. Because the attacker can control the region that is overwritten, more serious consequences, such as code execution on the server, cannot be ruled out, but no exploit has been produced so far. Because the vulnerable code that parses the DN string runs before the authentication parameters are checked, an attacker can exploit the problem without an account on the server.
- CVE-2021-20277 is an out-of-bounds buffer read that occurs when the AD DC LDAP server processes a specially crafted user-supplied filter. The problem can cause the server's handler process to crash or leak memory contents.
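For patch triage, the following added example (not part of the original announcement or of the Samba project) classifies version strings against the three fixed releases named above. The host names and the sample inventory are constructed, and the input is assumed to look like the `Version X.Y.Z` line printed by `smbd --version`.

```python
import re

# Fixed releases named in the announcement, keyed by (major, minor) branch.
FIXED = {(4, 14): (4, 14, 2), (4, 13): (4, 13, 7), (4, 12): (4, 12, 14)}


def parse_version(text):
    """Extract (major, minor, patch) from a string such as `smbd --version` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(text):
    """Classify one version string as 'fixed', 'needs-update' or 'branch-not-listed'.

    'branch-not-listed' means the announcement names no fixed release for that
    branch, so the result must be resolved from another source.
    Distribution packages may backport fixes without changing the upstream
    version number, so confirm 'needs-update' against the vendor's advisory.
    """
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "branch-not-listed"
    # Tuple comparison is numeric, so 4.13.10 correctly sorts after 4.13.7.
    return "fixed" if version >= fixed else "needs-update"


def report(inventory):
    """Map each host in {host: version_string} to its triage result."""
    return {host: triage(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = {
    "dc1.example.test": "Version 4.13.5-Ubuntu",
    "dc2.example.test": "Version 4.14.2",
    "dc3.example.test": "Version 4.11.6",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```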
source: budenet.ru
