AVG-2538 log

Package samba
Status Fixed
Severity Medium
Type multiple issues
Affected 4.15.1-1
Fixed 4.15.2-1
Current 4.16.1-3 [extra]
Ticket None
Created Tue Nov 9 20:36:10 2021
Issue Severity Remote Type Description
CVE-2021-23192 Medium Yes Insufficient validation
A security issue has been found in Samba versions 4.10.0 to 4.15.1. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment...
CVE-2021-3738 Medium Yes Arbitrary code execution
A security issue has been found in Samba versions 4.0.0 to 4.15.1. The AD DC RPC server can use memory that was free()ed when a sub- connection is closed.
CVE-2020-25722 Medium Yes Insufficient validation
A security issue has been found in Samba versions 4.0.0 to 4.15.1. At a number of points in the Samba AD DC per-attribute and schema based permission checks...
CVE-2020-25721 Medium Yes Privilege escalation
A security issue has been found in Samba versions 4.0.0 to 4.15.1. Samba as an AD DC did not provide a way for Linux applications to obtain a reliable SID...
CVE-2020-25719 Medium Yes Privilege escalation
A security issue has been found in Samba versions 4.0.0 to 4.15.1. The Samba AD DC, could become confused about the user a ticket represents if it did not...
CVE-2020-25718 Medium Yes Privilege escalation
A security issue has been found in Samba versions 4.0.0 to 4.15.1. The Samba AD DC, when joined by an RODC, did not confirm if the RODC was allowed to print...
CVE-2020-25717 Medium Yes Privilege escalation
A security issue has been found in Samba versions 3.0.0 to 4.15.1. Samba may map domain users to local users in an undesired way.