FEDORA-2021-3e0eb1e047 — security update for freeipa and samba

stable

freeipa-4.9.7-4.fc36 and samba-4.15.2-2.fc36

FEDORA-2021-3e0eb1e047 created by gd a year ago for Fedora 36

Update to latest samba release (addressing various CVEs) and rebuild freeipa

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-3e0eb1e047

This update's test gating status has been changed to 'waiting'.

a year ago

gd edited this update.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

gd edited this update.

a year ago

asn commented & provided feedback a year ago

karma

Looks fine.

BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]

BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]

BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server

BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]

BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)

BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]

BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication

BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability

BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members

BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC

BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets

BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored

BZ#2020376 winexe core dumps

BZ#2021625 samba-4.15.2 is available

BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]

BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]

BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]

BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]

BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]

gd edited this update.

New build(s):

samba-4.15.2-2.fc36
freeipa-4.9.7-4.fc36

Removed build(s):

freeipa-4.9.7-3.fc36
samba-4.15.2-0.fc36

Karma has been reset.

a year ago

gd edited this update.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been submitted for stable by bodhi

a year ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

freeipa-4.9.7-4.fc36

samba-4.15.2-2.fc36

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

0 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

modified