Fedora 34: samba 2021-1d77047c61
Summary
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.
Update to latest samba and libldb release (addressing various CVEs) and rebuild
freeipa
Change Log
* Sat Nov 13 2021 Guenther Deschner - 4.14.10-2
- Fix IPA DC schannel support
* Thu Nov 11 2021 Guenther Deschner - 4.14.10-1
- Fix winbind trusted domain regression
- related: #2021716
* Tue Nov 9 2021 Guenther Deschner - 4.14.10-0
- Update to Samba 4.14.10
- resolves: #2019660, #2021711 - Security fixes for CVE-2016-2124
- resolves: #2019672, #2021716 - Security fixes for CVE-2020-25717
- resolves: #2019726, #2021718 - Security fixes for CVE-2020-25718
- resolves: #2019732, #2021719 - Security fixes for CVE-2020-25719
- resolves: #2021728, #2021729 - Security fixes for CVE-2020-25721
- resolves: #2019764, #2021721 - Security fixes for CVE-2020-25722
- resolves: #2021726, #2021727 - Security fixes for CVE-2021-3738
- resolves: #2019666, #2021715 - Security fixes for CVE-2021-23192
References
[ 1 ] Bug #2019660 - CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
https://bugzilla.redhat.com/show_bug.cgi?id=2019660
[ 2 ] Bug #2019666 - CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2019666
[ 3 ] Bug #2019672 - CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
https://bugzilla.redhat.com/show_bug.cgi?id=2019672
[ 4 ] Bug #2019726 - CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC
https://bugzilla.redhat.com/show_bug.cgi?id=2019726
[ 5 ] Bug #2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
https://bugzilla.redhat.com/show_bug.cgi?id=2019732
[ 6 ] Bug #2019764 - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
https://bugzilla.redhat.com/show_bug.cgi?id=2019764
[ 7 ] Bug #2021726 - CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
https://bugzilla.redhat.com/show_bug.cgi?id=2021726
[ 8 ] Bug #2021728 - CVE-2020-25721 samba: Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid)
https://bugzilla.redhat.com/show_bug.cgi?id=2021728
To install this update, run su -c 'dnf upgrade --advisory FEDORA-2021-1d77047c61' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
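After the upgrade, the installed package's changelog can be checked against the CVE list in this advisory. The script below is an added example, not part of the Fedora advisory; `missing_cves` and `sample_changelog` are hypothetical helper names, and the sample text is constructed from the change log entries shown on this page.

```shell
#!/bin/sh
# CVE identifiers fixed by advisory FEDORA-2021-1d77047c61 (taken from this page).
ADVISORY_CVES="CVE-2016-2124 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719
CVE-2020-25721 CVE-2020-25722 CVE-2021-3738 CVE-2021-23192"

# Read an RPM changelog on stdin and print every advisory CVE it does not
# mention. Exit status is 0 when all are covered, 1 otherwise. The body is a
# subshell, so its variables do not leak into the caller.
missing_cves() (
    changelog=$(cat)
    status=0
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: whole word, so CVE-2021-3738 is not
        # satisfied by a longer identifier such as CVE-2021-37380.
        if ! printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            printf '%s\n' "$cve"
            status=1
        fi
    done
    exit "$status"
)

# Constructed sample: the 4.14.10-0 entry as listed in this advisory.
sample_changelog() {
    cat <<'EOF'
* Tue Nov 9 2021 Guenther Deschner - 4.14.10-0
- Update to Samba 4.14.10
- resolves: #2019660, #2021711 - Security fixes for CVE-2016-2124
- resolves: #2019672, #2021716 - Security fixes for CVE-2020-25717
- resolves: #2019726, #2021718 - Security fixes for CVE-2020-25718
- resolves: #2019732, #2021719 - Security fixes for CVE-2020-25719
- resolves: #2021728, #2021729 - Security fixes for CVE-2020-25721
- resolves: #2019764, #2021721 - Security fixes for CVE-2020-25722
- resolves: #2021726, #2021727 - Security fixes for CVE-2021-3738
- resolves: #2019666, #2021715 - Security fixes for CVE-2021-23192
EOF
}

# On a Fedora 34 host, check the installed package instead:
#   rpm -q --changelog samba | missing_cves
if sample_changelog | missing_cves; then
    echo "changelog covers every CVE in the advisory"
fi
```

Any identifier the function prints is a fix the installed build's changelog does not record, which usually means the update has not been applied to that host.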
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
FEDORA-2021-1d77047c61 2021-12-01 01:12:49.872644
Product : Fedora 34
Version : 4.14.10
Release : 2.fc34
URL : https://www.samba.org
Summary : Server and Client software to interoperate with Windows machines