#15742 closed enhancement (fixed)

samba-4.15.2

Reported by: Bruce Dubbs
Owned by: pierre
Priority: elevated
Milestone: 11.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Xi Ruoyao, 13 months ago

Priority: normal → elevated

8 CVEs. "Wonderful"!

                   ==============================
                   Release Notes for Samba 4.15.2
                           November 9, 2021
                   ==============================


This is a security release in order to address the following defects:

o CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
                  authentication.
                  https://www.samba.org/samba/security/CVE-2016-2124.html

o CVE-2020-25717: A user on the domain can become root on domain members.
                  https://www.samba.org/samba/security/CVE-2020-25717.html
                  (PLEASE READ! There are important behaviour changes described)

o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
                  by an RODC.
                  https://www.samba.org/samba/security/CVE-2020-25718.html

o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
                  tickets.
                  https://www.samba.org/samba/security/CVE-2020-25719.html

o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
                  (eg objectSid).
                  https://www.samba.org/samba/security/CVE-2020-25721.html

o CVE-2020-25722: Samba AD DC did not do sufficient access and conformance
                  checking of data stored.
                  https://www.samba.org/samba/security/CVE-2020-25722.html

o CVE-2021-3738:  Use after free in Samba AD DC RPC server.
                  https://www.samba.org/samba/security/CVE-2021-3738.html

o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
                  https://www.samba.org/samba/security/CVE-2021-23192.html

comment:2 by pierre, 13 months ago

Owner: changed from blfs-book to pierre
Status: new → assigned

comment:3 by pierre, 13 months ago

The release notes only add who made the fixes for the CVEs. But there is something important in the announcement:

Please read the individual advisories, as there are important behaviour changes for CVE-2020-25717.

There's sadly a regression that "allow trusted domains = no" prevents winbindd from starting, fixes are available at bug #14899.

comment:4 by pierre, 13 months ago

Commit 676876baebcb32044718f96347a61f4579480ce0

Security advisory coming.

comment:5 by pierre, 13 months ago

Resolution: fixed
Status: assigned → closed

Advisory done (commit c552541 in the www repository).