cvrf2cusa/cvrf/2021/cvrf-openEuler-SA-2021-1461.xml
Jia Chao 0b34274085 git mv
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00


<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for samba is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2021-1461</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2021-12-10</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2021-12-10</InitialReleaseDate>
<CurrentReleaseDate>2021-12-10</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2021-12-10</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">samba security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for samba is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">Samba is a suite of programs for Linux and Unix to interoperate with Windows.
Security Fix(es):
A flaw was discovered in the way samba implements SMB1 authentication. Even if Kerberos authentication is required, an attacker can use this flaw to retrieve the clear text password sent over the wire. (CVE-2016-2124)
Several flaws were found in the way that samba AD DC implements storage data access and consistency checking. Attackers can use this flaw to cause damage to the entire domain. (CVE-2020-25722)
A use-after-free issue was found in the Samba AD DC RPC server, which may allow handles to point to different user states, leading to more privileged access. (CVE-2021-3738)
A flaw was found in the way that samba as an AD domain controller can support RODC. This will allow RODC to print administrator credentials. (CVE-2020-25718)
A flaw was discovered in the way that Samba, as an AD domain controller, implements Kerberos name-based authentication. If Samba AD DC does not strictly require Kerberos PAC and always uses the SID found in it, it may not be able to distinguish the user represented by the credential. (CVE-2020-25719)
The AD Kerberos acceptance service in Samba cannot perform authorization by accessing the user's unique and long-term stable identifier. (CVE-2020-25721)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for samba is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">samba</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1461</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2016-2124</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-25722</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3738</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-25718</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-25719</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-25721</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2016-2124</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-25722</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-3738</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-25718</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-25719</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-25721</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">openEuler-20.03-LTS-SP2</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="samba-winbind-modules-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-winbind-modules-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libwbclient-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-winbind-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libsmbclient-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-samba-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libwbclient-devel-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libsmbclient-devel-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-krb5-locator-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-winbind-krb5-locator-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-client-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-client-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="ctdb-tests-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">ctdb-tests-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-krb5-printing-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-krb5-printing-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="ctdb-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">ctdb-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-debugsource-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-debugsource-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-debuginfo-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-debuginfo-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-provision-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-dc-provision-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-devel-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-help-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-help-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-dc-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-dc-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-samba-dc-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-bind-dlz-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-dc-bind-dlz-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-libs-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-libs-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-clients-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-winbind-clients-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-common-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-common-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-test-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-test-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-test-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-samba-test-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-common-tools-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-common-tools-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libwbclient-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-krb5-locator-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-winbind-krb5-locator-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-samba-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-modules-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-winbind-modules-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-provision-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-dc-provision-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-help-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-help-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-libs-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-libs-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-krb5-printing-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-krb5-printing-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="ctdb-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">ctdb-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-dc-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-samba-dc-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-debugsource-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-debugsource-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-devel-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="ctdb-tests-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">ctdb-tests-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-bind-dlz-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-dc-bind-dlz-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-winbind-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-clients-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-winbind-clients-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-debuginfo-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-debuginfo-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-client-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-client-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-test-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-test-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libsmbclient-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libsmbclient-devel-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-common-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-common-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libwbclient-devel-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-test-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-samba-test-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-dc-4.11.12-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-common-tools-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-common-tools-4.11.12-8.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="samba-pidl-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-pidl-4.11.12-8.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="samba-pidl-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-pidl-4.11.12-8.oe1.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-4.11.12-8.oe1.src.rpm</FullProductName>
<FullProductName ProductID="samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-4.11.12-8.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="samba-vfs-glusterfs-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-vfs-glusterfs-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-dc-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-krb5-locator-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-winbind-krb5-locator-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="ctdb-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">ctdb-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-debuginfo-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-debuginfo-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-common-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-common-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libsmbclient-devel-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-bind-dlz-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-dc-bind-dlz-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-krb5-printing-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-krb5-printing-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libwbclient-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-devel-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-winbind-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libwbclient-devel-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-client-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-client-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-debugsource-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-debugsource-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-provision-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-dc-provision-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-clients-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-winbind-clients-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-test-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-samba-test-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-common-tools-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-common-tools-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-dc-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-samba-dc-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-test-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-test-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-samba-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-modules-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-winbind-modules-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-help-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-help-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libsmbclient-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="ctdb-tests-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">ctdb-tests-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-libs-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">samba-libs-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-dc-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-test-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-test-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-test-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-samba-test-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-provision-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-dc-provision-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-krb5-printing-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-krb5-printing-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-vfs-glusterfs-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-vfs-glusterfs-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-modules-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-winbind-modules-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-krb5-locator-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-winbind-krb5-locator-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libwbclient-devel-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-bind-dlz-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-dc-bind-dlz-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="ctdb-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">ctdb-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-help-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-help-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-common-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-common-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-common-tools-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-common-tools-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="ctdb-tests-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">ctdb-tests-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-clients-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-winbind-clients-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-debugsource-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-debugsource-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-devel-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-debuginfo-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-debuginfo-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-client-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-client-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libwbclient-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-devel-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libsmbclient-devel-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libsmbclient-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-libs-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-libs-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-samba-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">samba-winbind-4.11.12-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-dc-4.11.12-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-samba-dc-4.11.12-8.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was discovered in the way samba implements SMB1 authentication. Even if Kerberos authentication is required, an attacker can use this flaw to retrieve the clear text password sent over the wire.</Note>
</Notes>
<ReleaseDate>2021-12-10</ReleaseDate>
<CVE>CVE-2016-2124</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.8</BaseScore>
<Vector>AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>samba security update</Description>
<DATE>2021-12-10</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1461</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">Several flaws were found in the way that samba AD DC implements storage data access and consistency checking. Attackers can use this flaw to cause damage to the entire domain.</Note>
</Notes>
<ReleaseDate>2021-12-10</ReleaseDate>
<CVE>CVE-2020-25722</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>8.8</BaseScore>
<Vector>AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>samba security update</Description>
<DATE>2021-12-10</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1461</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">A use-after-free issue was found in the Samba AD DC RPC server, which may allow handles to point to different user states, leading to more privileged access.</Note>
</Notes>
<ReleaseDate>2021-12-10</ReleaseDate>
<CVE>CVE-2021-3738</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.6</BaseScore>
<Vector>AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>samba security update</Description>
<DATE>2021-12-10</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1461</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">A flaw was found in the way that samba as an AD domain controller can support RODC. This will allow RODC to print administrator credentials.</Note>
</Notes>
<ReleaseDate>2021-12-10</ReleaseDate>
<CVE>CVE-2020-25718</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.5</BaseScore>
<Vector>AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>samba security update</Description>
<DATE>2021-12-10</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1461</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">A flaw was discovered in the way that Samba, as an AD domain controller, implements Kerberos name-based authentication. If Samba AD DC does not strictly require Kerberos PAC and always uses the SID found in it, it may not be able to distinguish the user represented by the credential.</Note>
</Notes>
<ReleaseDate>2021-12-10</ReleaseDate>
<CVE>CVE-2020-25719</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.2</BaseScore>
<Vector>AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>samba security update</Description>
<DATE>2021-12-10</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1461</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="6" xml:lang="en">The AD Kerberos acceptance service in Samba cannot perform authorization by accessing the user's unique and long-term stable identifier.</Note>
</Notes>
<ReleaseDate>2021-12-10</ReleaseDate>
<CVE>CVE-2020-25721</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.6</BaseScore>
<Vector>AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>samba security update</Description>
<DATE>2021-12-10</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1461</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>