stable

freeipa-4.9.7-4.fc35 and samba-4.15.2-3.fc35

FEDORA-2021-12af2614da created by gd 2 years ago for Fedora 35

Update to latest samba release (addressing various CVEs) and rebuild freeipa

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-12af2614da

This update's test gating status has been changed to 'waiting'.

2 years ago

This update has been submitted for testing by bodhi.

2 years ago

gd edited this update.

2 years ago

gd edited this update.

2 years ago

This update's test gating status has been changed to 'passed'.

2 years ago

This update has been pushed to testing.

2 years ago

gd edited this update.

2 years ago
User Icon asn commented & provided feedback 2 years ago
karma

Looks fine.

BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
BZ#2020376 winexe core dumps
BZ#2021625 samba-4.15.2 is available
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]

This update's test gating status has been changed to 'failed'.

2 years ago

This update's test gating status has been changed to 'passed'.

2 years ago

gd edited this update.

New build(s):

  • samba-4.15.2-2.fc35

Removed build(s):

  • samba-4.15.2-0.fc35

Karma has been reset.

2 years ago

This update has been submitted for testing by bodhi.

2 years ago

gd edited this update.

New build(s):

  • freeipa-4.9.7-4.fc35

Removed build(s):

  • freeipa-4.9.7-3.fc35

Karma has been reset.

2 years ago

FEDORA-2021-12af2614da ejected from the push because "Cannot find relevant tag for freeipa-4.9.7-4.fc35. None of ['f35-updates-testing-pending', 'f35-build-side-47610'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

2 years ago

This update has been submitted for testing by gd.

2 years ago

FEDORA-2021-12af2614da ejected from the push because "Cannot find relevant tag for freeipa-4.9.7-4.fc35. None of ['f35-build-side-47610'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

2 years ago

gd edited this update.

New build(s):

  • samba-4.15.2-3.fc35

Removed build(s):

  • samba-4.15.2-2.fc35

Karma has been reset.

2 years ago

FEDORA-2021-12af2614da ejected from the push because "Cannot find relevant tag for freeipa-4.9.7-4.fc35. None of ['f35-build-side-47610'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

2 years ago

FEDORA-2021-12af2614da ejected from the push because "Cannot find relevant tag for freeipa-4.9.7-4.fc35. None of ['f35-build-side-47610'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

2 years ago

This update has been pushed to testing.

2 years ago
User Icon besser82 commented & provided feedback 2 years ago
karma

Works great! LGTM! =)

User Icon anoopcs commented & provided feedback 2 years ago
karma

LGTM !

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by gd.

2 years ago
User Icon t3rm1n4l commented & provided feedback 2 years ago
karma

wfm

BZ#2021625 samba-4.15.2 is available
User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
0
0
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
0
0
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
0
0
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
0
0
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
0
0
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
0
0
BZ#2020376 winexe core dumps
0
0
BZ#2021625 samba-4.15.2 is available
0
1
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
0
0
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
0
0
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
0
0
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
0
0
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
0
0
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
0
0
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
0
0
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
0
0
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
0
0
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
0
0
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
0
0

Automated Test Results

Test Cases

0 1 Test Case desktop network smb