--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-12af2614da
2021-11-19 01:13:49.587403
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 35
Version     : 4.15.2
Release     : 3.fc35
URL         : https://www.samba.org
Summary     : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.

--------------------------------------------------------------------------------
Update Information:

Update to latest samba release (addressing various CVEs) and rebuild freeipa
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 13 2021 Guenther Deschner  - 4.15.2-3
- Fix IPA DC schannel support
* Thu Nov 11 2021 Guenther Deschner  - 4.15.2-2
- Fix winbind trusted domain regression
- related: #2021716
- Fix logfile handling
- Fix smbclient -N failures in container setups
* Tue Nov  9 2021 Guenther Deschner  - 4.15.2-0
- Update to Samba 4.15.2
- resolves: #2019660, #2021711 - Security fixes for CVE-2016-2124
- resolves: #2019672, #2021716 - Security fixes for CVE-2020-25717
- resolves: #2019726, #2021718 - Security fixes for CVE-2020-25718
- resolves: #2019732, #2021719 - Security fixes for CVE-2020-25719
- resolves: #2021728, #2021729 - Security fixes for CVE-2020-25721
- resolves: #2019764, #2021721 - Security fixes for CVE-2020-25722
- resolves: #2021726, #2021727 - Security fixes for CVE-2021-3738
- resolves: #2019666, #2021715 - Security fixes for CVE-2021-23192
- resolves: #2021625
* Fri Nov  5 2021 Guenther Deschner  - 4.15.1-1
- Fix winexe core dump
- resolves: #2020376
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2019660 - CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
        https://bugzilla.redhat.com/show_bug.cgi?id=2019660
  [ 2 ] Bug #2019666 - CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=2019666
  [ 3 ] Bug #2019672 - CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
        https://bugzilla.redhat.com/show_bug.cgi?id=2019672
  [ 4 ] Bug #2019726 - CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
        https://bugzilla.redhat.com/show_bug.cgi?id=2019726
  [ 5 ] Bug #2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
        https://bugzilla.redhat.com/show_bug.cgi?id=2019732
  [ 6 ] Bug #2019764 - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
        https://bugzilla.redhat.com/show_bug.cgi?id=2019764
  [ 7 ] Bug #2021726 - CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
        https://bugzilla.redhat.com/show_bug.cgi?id=2021726
  [ 8 ] Bug #2021728 - CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
        https://bugzilla.redhat.com/show_bug.cgi?id=2021728
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-12af2614da' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 35: samba 2021-12af2614da

November 18, 2021