diff -Nru samba-4.7.6+dfsg~ubuntu/debian/changelog samba-4.7.6+dfsg~ubuntu/debian/changelog
--- samba-4.7.6+dfsg~ubuntu/debian/changelog 2020-06-19 12:58:37.000000000 +0000
+++ samba-4.7.6+dfsg~ubuntu/debian/changelog 2020-08-07 17:39:22.000000000 +0000
@@ -1,3 +1,12 @@
+samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.18) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
+ - debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
+ packet in libcli/nbt/nbtsocket.c.
+ - CVE-2020-14303
+
+ -- Marc Deslauriers Fri, 07 Aug 2020 13:39:22 -0400
+
 samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.17) bionic-security; urgency=medium
 
  * SECURITY UPDATE: NULL pointer de-reference and use-after-free in Samba
diff -Nru samba-4.7.6+dfsg~ubuntu/debian/patches/CVE-2020-14303.patch samba-4.7.6+dfsg~ubuntu/debian/patches/CVE-2020-14303.patch
--- samba-4.7.6+dfsg~ubuntu/debian/patches/CVE-2020-14303.patch 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.7.6+dfsg~ubuntu/debian/patches/CVE-2020-14303.patch 2020-08-07 17:39:17.000000000 +0000
@@ -0,0 +1,47 @@
+From 3cc0f1eeda5f133532dda31eef9fc1b394127e50 Mon Sep 17 00:00:00 2001
+From: Gary Lockyer
+Date: Wed, 24 Jun 2020 14:27:08 +1200
+Subject: [PATCH] CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet
+
+An empty UDP packet put the nbt server into a busy loop that consumes
+100% of a cpu.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417
+
+Signed-off-by: Gary Lockyer
+
+Autobuild-User(master): Karolin Seeger
+Autobuild-Date(master): Thu Jul 2 10:26:24 UTC 2020 on sn-devel-184
+---
+ libcli/nbt/nbtsocket.c | 17 ++++++++++++++++-
+ selftest/knownfail.d/empty-nbt | 1 -
+ 2 files changed, 16 insertions(+), 2 deletions(-)
+ delete mode 100644 selftest/knownfail.d/empty-nbt
+
+--- a/libcli/nbt/nbtsocket.c
++++ b/libcli/nbt/nbtsocket.c
+@@ -170,8 +170,23 @@ static void nbt_name_socket_recv(struct
+ return;
+ }
+
++ /*
++ * Given a zero length, data_blob_talloc() returns the
++ * NULL blob {NULL, 0}.
++ *
++ * We only want to error return here on a real out of memory condition
++ * (i.e. dsize != 0, so the UDP packet has data, but the return of the
++ * allocation failed, so blob.data==NULL).
++ *
++ * Given an actual zero length UDP packet having blob.data == NULL
++ * isn't an out of memory error condition, that's the defined semantics
++ * of data_blob_talloc() when asked for zero bytes.
++ *
++ * We still need to continue to do the zero-length socket_recvfrom()
++ * read in order to clear the "read pending" condition on the socket.
++ */
+ blob = data_blob_talloc(tmp_ctx, NULL, dsize);
+- if (blob.data == NULL) {
++ if (blob.data == NULL && dsize != 0) {
+ talloc_free(tmp_ctx);
+ return;
+ }
diff -Nru samba-4.7.6+dfsg~ubuntu/debian/patches/series samba-4.7.6+dfsg~ubuntu/debian/patches/series
--- samba-4.7.6+dfsg~ubuntu/debian/patches/series 2020-06-19 12:58:12.000000000 +0000
+++ samba-4.7.6+dfsg~ubuntu/debian/patches/series 2020-08-07 17:39:14.000000000 +0000
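Review bot: With the relaxed guard `if (blob.data == NULL && dsize != 0) {`, a zero-length datagram now continues past this point with blob.data == NULL and blob.length == 0 into the socket_recvfrom() call the comment refers to, and the hunk ends before that call and before whatever the 4.7 code does with a zero-byte read; nbt_name_socket_recv starts and ends outside the hunk. The upstream commit (3cc0f1eeda5f133532dda31eef9fc1b394127e50) was written against master in mid-2020, so the backport should be checked against the 4.7.6 body of that function to confirm that the zero-length read is followed by freeing tmp_ctx and returning rather than handing an empty blob to the packet parser — this is inferred from the comment, not visible in the hunk. Separately, the patch header keeps the upstream diffstat and `delete mode 100644 selftest/knownfail.d/empty-nbt` although only the libcli/nbt/nbtsocket.c hunk (16 insertions, 1 deletion) is carried, so the "2 files changed" line misdescribes the patch. Either trim those header lines or add DEP-3 metadata such as `Origin: backport, https://bugzilla.samba.org/show_bug.cgi?id=14417` with a sentence noting that the selftest knownfail hunk was dropped.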
@@ -93,3 +93,4 @@
 CVE-2020-10745-7.patch
 CVE-2020-10760-1.patch
 CVE-2020-10760-2.patch
+CVE-2020-14303.patch