stable

freeipa-4.9.7-4.fc36 and samba-4.15.2-2.fc36

FEDORA-2021-3e0eb1e047 created by gd a year ago for Fedora 36

Update to latest samba release (addressing various CVEs) and rebuild freeipa

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-3e0eb1e047

This update's test gating status has been changed to 'waiting'.

a year ago

gd edited this update.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

gd edited this update.

a year ago
User Icon asn commented & provided feedback a year ago
karma

Looks fine.

BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
BZ#2020376 winexe core dumps
BZ#2021625 samba-4.15.2 is available
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]

gd edited this update.

New build(s):

  • samba-4.15.2-2.fc36
  • freeipa-4.9.7-4.fc36

Removed build(s):

  • freeipa-4.9.7-3.fc36
  • samba-4.15.2-0.fc36

Karma has been reset.

a year ago

gd edited this update.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been submitted for stable by bodhi

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
0 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
0
0
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
0
0
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
0
0
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
0
0
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
0
0
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
0
0
BZ#2020376 winexe core dumps
0
0
BZ#2021625 samba-4.15.2 is available
0
0
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
0
0
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
0
0
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
0
0
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
0
0
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
0
0
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
0
0
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
0
0
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
0
0
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
0
0
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
0
0
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
0
0

Automated Test Results

ignored

Test Cases

0 0 Test Case desktop network smb