Update to latest samba and libldb release (addressing various CVEs) and rebuild freeipa

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-1d77047c61

This update's test gating status has been changed to 'waiting'.

9 months ago

This update has been submitted for testing by bodhi.

9 months ago

gd edited this update.

9 months ago

This update has been pushed to testing.

9 months ago

This update's test gating status has been changed to 'failed'.

9 months ago

This update's test gating status has been changed to 'passed'.

9 months ago
User Icon asn commented & provided feedback 9 months ago
karma

Looks fine.

BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]

gd edited this update.

New build(s):

  • samba-4.14.10-1.fc34

Removed build(s):

  • samba-4.14.10-0.fc34

Karma has been reset.

9 months ago

This update has been submitted for testing by bodhi.

9 months ago

gd edited this update.

New build(s):

  • freeipa-4.9.6-4.fc34

Removed build(s):

  • freeipa-4.9.6-3.fc34

Karma has been reset.

9 months ago

gd edited this update.

9 months ago

gd edited this update.

9 months ago

gd edited this update.

9 months ago

FEDORA-2021-1d77047c61 ejected from the push because "Cannot find relevant tag for freeipa-4.9.6-4.fc34. None of ['f34-updates-testing-pending', 'f34-build-side-47514'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

9 months ago

This update has been submitted for testing by gd.

9 months ago

FEDORA-2021-1d77047c61 ejected from the push because "Cannot find relevant tag for freeipa-4.9.6-4.fc34. None of ['f34-build-side-47514'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

9 months ago

gd edited this update.

New build(s):

  • samba-4.14.10-2.fc34

Removed build(s):

  • samba-4.14.10-1.fc34

Karma has been reset.

9 months ago

FEDORA-2021-1d77047c61 ejected from the push because "Cannot find relevant tag for freeipa-4.9.6-4.fc34. None of ['f34-build-side-47514'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

9 months ago

FEDORA-2021-1d77047c61 ejected from the push because "Cannot find relevant tag for freeipa-4.9.6-4.fc34. None of ['f34-build-side-47514'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

9 months ago

This update has been pushed to testing.

9 months ago

This update has been submitted for stable by bodhi.

9 months ago

This update has been pushed to stable.

8 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
9 months ago
in testing
9 months ago
in stable
8 months ago
modified
9 months ago
BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
0
0
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
0
0
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
0
0
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
0
0
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
0
0
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
0
0
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
0
0
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
0
0
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
0
0
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
0
0
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
0
0
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
0
0
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
0
0
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
0
0
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
0
0
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
0
0
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
0
0

Automated Test Results

Test Cases

0 0 Test Case desktop network smb