Update to latest samba and libldb release (addressing various CVEs) and rebuild freeipa

This update's test gating status has been changed to 'waiting'.

2 months ago

gd edited this update.

2 months ago

This update's test gating status has been changed to 'passed'.

2 months ago
User Icon asn commented & provided feedback 2 months ago
karma

Looks fine

BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]

gd edited this update.

New build(s):

  • samba-4.13.14-1.fc33

Removed build(s):

  • samba-4.13.14-0.fc33

Karma has been reset.

2 months ago

gd edited this update.

New build(s):

  • freeipa-4.9.6-3.fc33

Removed build(s):

  • freeipa-4.9.6-2.fc33

Karma has been reset.

2 months ago

gd edited this update.

2 months ago

This update has been submitted for testing by gd.

2 months ago

FEDORA-2021-218ec2d434 ejected from the push because "Cannot find relevant tag for freeipa-4.9.6-3.fc33. None of ['f33-updates-testing-pending', 'f33-build-side-47516'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

2 months ago

gd edited this update.

New build(s):

  • samba-4.13.14-2.fc33

Removed build(s):

  • samba-4.13.14-1.fc33

Karma has been reset.

2 months ago

FEDORA-2021-218ec2d434 ejected from the push because "Cannot find relevant tag for freeipa-4.9.6-3.fc33. None of ['f33-build-side-47516'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

2 months ago

FEDORA-2021-218ec2d434 ejected from the push because "Cannot find relevant tag for freeipa-4.9.6-3.fc33. None of ['f33-build-side-47516'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f34-container-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f35-flatpak-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'f33-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-updates-candidate', 'f34-modular-updates-candidate', 'f34-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f36-updates-candidate']."

2 months ago

This update has been pushed to testing.

2 months ago

This update is marked obsolete because the F33 release is archived.

2 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
2 months ago
in testing
2 months ago
modified
2 months ago
BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
0
0
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
0
0
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
0
0
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
0
0
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
0
0
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
0
0
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
0
0
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
0
0
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
0
0
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
0
0
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
0
0
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
0
0
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
0
0
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
0
0
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
0
0
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
0
0
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
0
0

Automated Test Results

Test Cases

0 0 Test Case desktop network smb