Fedora 34: libldb 2021-1d77047c61
Summary
An extensible library that implements an LDAP like API to access remote LDAP
servers, or use local tdb databases.
Update to latest samba and libldb release (addressing various CVEs) and rebuild
freeipa
* Thu Nov 4 2021 Guenther Deschner
- libldb-2.3.2 is available
[ 1 ] Bug #2019660 - CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
https://bugzilla.redhat.com/show_bug.cgi?id=2019660
[ 2 ] Bug #2019666 - CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2019666
[ 3 ] Bug #2019672 - CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
https://bugzilla.redhat.com/show_bug.cgi?id=2019672
[ 4 ] Bug #2019726 - CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
https://bugzilla.redhat.com/show_bug.cgi?id=2019726
[ 5 ] Bug #2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
https://bugzilla.redhat.com/show_bug.cgi?id=2019732
[ 6 ] Bug #2019764 - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
https://bugzilla.redhat.com/show_bug.cgi?id=2019764
[ 7 ] Bug #2021726 - CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
https://bugzilla.redhat.com/show_bug.cgi?id=2021726
[ 8 ] Bug #2021728 - CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
https://bugzilla.redhat.com/show_bug.cgi?id=2021728
su -c 'dnf upgrade --advisory FEDORA-2021-1d77047c61' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FEDORA-2021-1d77047c61 2021-12-01 01:12:49.872644 Product : Fedora 34 Version : 2.3.2 Release : 1.fc34 URL : https://ldb.samba.org/ Summary : A schema-less, ldap like, API and database Description : An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. Update to latest samba and libldb release (addressing various CVEs) and rebuild freeipa * Thu Nov 4 2021 Guenther Deschner - 2.3.2-1 - libldb-2.3.2 is available [ 1 ] Bug #2019660 - CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication https://bugzilla.redhat.com/show_bug.cgi?id=2019660 [ 2 ] Bug #2019666 - CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=2019666 [ 3 ] Bug #2019672 - CVE-2020-25717 samba: A user in an AD Domain could become root on domain members https://bugzilla.redhat.com/show_bug.cgi?id=2019672 [ 4 ] Bug #2019726 - CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC https://bugzilla.redhat.com/show_bug.cgi?id=2019726 [ 5 ] Bug #2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets https://bugzilla.redhat.com/show_bug.cgi?id=2019732 [ 6 ] Bug #2019764 - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored https://bugzilla.redhat.com/show_bug.cgi?id=2019764 [ 7 ] Bug #2021726 - CVE-2021-3738 samba: Use after free in Samba AD DC RPC server https://bugzilla.redhat.com/show_bug.cgi?id=2021726 [ 8 ] Bug #2021728 - CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) https://bugzilla.redhat.com/show_bug.cgi?id=2021728 su -c 'dnf upgrade --advisory FEDORA-2021-1d77047c61' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Change Log
References