
enterprise-support team mailing list archive

[Bug 1950363] [NEW] Nov 2021 security update tracking bug

 

*** This bug is a security vulnerability ***

Public security bug reported:

This bug is for tracking the Nov 2021 Samba security update:

o CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
                  authentication.
                  https://www.samba.org/samba/security/CVE-2016-2124.html

o CVE-2020-25717: A user on the domain can become root on domain members.
                  https://www.samba.org/samba/security/CVE-2020-25717.html
                  (PLEASE READ! There are important behaviour changes described)

o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
                  by an RODC.
                  https://www.samba.org/samba/security/CVE-2020-25718.html

o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
                  tickets.
                  https://www.samba.org/samba/security/CVE-2020-25719.html

o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
                  (eg objectSid).
                  https://www.samba.org/samba/security/CVE-2020-25721.html

o CVE-2020-25722: Samba AD DC did not do sufficient access and conformance
                  checking of data stored.
                  https://www.samba.org/samba/security/CVE-2020-25722.html

o CVE-2021-3738:  Use after free in Samba AD DC RPC server.
                  https://www.samba.org/samba/security/CVE-2021-3738.html

o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
                  https://www.samba.org/samba/security/CVE-2021-23192.html

** Affects: samba (Ubuntu)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: In Progress

** Affects: samba (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Affects: samba (Ubuntu Focal)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: In Progress

** Affects: samba (Ubuntu Hirsute)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: In Progress

** Affects: samba (Ubuntu Impish)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: In Progress

** Affects: samba (Ubuntu Jammy)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: In Progress

** Also affects: samba (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: samba (Ubuntu Hirsute)
   Importance: Undecided
       Status: New

** Also affects: samba (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: samba (Ubuntu Impish)
   Importance: Undecided
       Status: New

** Also affects: samba (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: samba (Ubuntu Focal)
       Status: New => In Progress

** Changed in: samba (Ubuntu Hirsute)
       Status: New => In Progress

** Changed in: samba (Ubuntu Impish)
       Status: New => In Progress

** Changed in: samba (Ubuntu Jammy)
       Status: New => In Progress

** Changed in: samba (Ubuntu Focal)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: samba (Ubuntu Hirsute)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: samba (Ubuntu Impish)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: samba (Ubuntu Jammy)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1950363

Title:
  Nov 2021 security update tracking bug

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1950363/+subscriptions


