diff -Nru samba-4.3.11+dfsg/debian/changelog samba-4.3.11+dfsg/debian/changelog
--- samba-4.3.11+dfsg/debian/changelog 2020-06-19 13:05:01.000000000 +0000
+++ samba-4.3.11+dfsg/debian/changelog 2020-08-07 17:39:56.000000000 +0000
@@ -1,3 +1,12 @@
+samba (2:4.3.11+dfsg-0ubuntu0.16.04.29) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
+ - debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
+ packet in libcli/nbt/nbtsocket.c.
+ - CVE-2020-14303
+
+ -- Marc Deslauriers Fri, 07 Aug 2020 13:39:56 -0400
+
 samba (2:4.3.11+dfsg-0ubuntu0.16.04.28) xenial-security; urgency=medium
 
 * SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume
diff -Nru samba-4.3.11+dfsg/debian/patches/CVE-2020-14303.patch samba-4.3.11+dfsg/debian/patches/CVE-2020-14303.patch
--- samba-4.3.11+dfsg/debian/patches/CVE-2020-14303.patch 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.3.11+dfsg/debian/patches/CVE-2020-14303.patch 2020-08-07 17:39:52.000000000 +0000
@@ -0,0 +1,47 @@
+From 3cc0f1eeda5f133532dda31eef9fc1b394127e50 Mon Sep 17 00:00:00 2001
+From: Gary Lockyer
+Date: Wed, 24 Jun 2020 14:27:08 +1200
+Subject: [PATCH] CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet
+
+An empty UDP packet put the nbt server into a busy loop that consumes
+100% of a cpu.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417
+
+Signed-off-by: Gary Lockyer
+
+Autobuild-User(master): Karolin Seeger
+Autobuild-Date(master): Thu Jul 2 10:26:24 UTC 2020 on sn-devel-184
+---
+ libcli/nbt/nbtsocket.c | 17 ++++++++++++++++-
+ selftest/knownfail.d/empty-nbt | 1 -
+ 2 files changed, 16 insertions(+), 2 deletions(-)
+ delete mode 100644 selftest/knownfail.d/empty-nbt
+
+--- a/libcli/nbt/nbtsocket.c
++++ b/libcli/nbt/nbtsocket.c
+@@ -171,8 +171,23 @@ static void nbt_name_socket_recv(struct
+ return;
+ }
+
++ /*
++ * Given a zero length, data_blob_talloc() returns the
++ * NULL blob {NULL, 0}.
++ *
++ * We only want to error return here on a real out of memory condition
++ * (i.e. dsize != 0, so the UDP packet has data, but the return of the
++ * allocation failed, so blob.data==NULL).
++ *
++ * Given an actual zero length UDP packet having blob.data == NULL
++ * isn't an out of memory error condition, that's the defined semantics
++ * of data_blob_talloc() when asked for zero bytes.
++ *
++ * We still need to continue to do the zero-length socket_recvfrom()
++ * read in order to clear the "read pending" condition on the socket.
++ */
+ blob = data_blob_talloc(tmp_ctx, NULL, dsize);
+- if (blob.data == NULL) {
++ if (blob.data == NULL && dsize != 0) {
+ talloc_free(tmp_ctx);
+ return;
+ }
diff -Nru samba-4.3.11+dfsg/debian/patches/series samba-4.3.11+dfsg/debian/patches/series
--- samba-4.3.11+dfsg/debian/patches/series 2020-06-19 13:35:40.000000000 +0000
+++ samba-4.3.11+dfsg/debian/patches/series 2020-08-07 17:39:49.000000000 +0000
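Review bot: The patch's own diffstat and trailer (`2 files changed, 16 insertions(+), 2 deletions(-)` and `delete mode 100644 selftest/knownfail.d/empty-nbt`) describe a change to selftest/knownfail.d/empty-nbt that the patch body does not contain; only the libcli/nbt/nbtsocket.c hunk is present, so the stat should be trimmed to match (`1 file changed, 16 insertions(+), 1 deletion(-)`) or a header line should say the knownfail removal was dropped in the backport. Quilt applies the file regardless, so this is a bookkeeping point rather than a functional one. The loosened check `if (blob.data == NULL && dsize != 0)` is right as far as this hunk shows, because the zero-length case now falls through to the recvfrom that the comment says clears the pending-read condition; the recvfrom itself and the handling of a zero-byte result are outside the hunk, so that path has to be confirmed in the rest of nbt_name_socket_recv, which starts and ends outside this hunk.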
@@ -136,3 +136,4 @@
 CVE-2020-10745-5.patch
 CVE-2020-10745-6.patch
 CVE-2020-10745-7.patch
+CVE-2020-14303.patch