Re: [DONE] wml://security/2021/dsa-5015.wml
On Tue, 2021-11-30 at 21:12 +0500, Lev Lamberov wrote:
> --- ../../english/security/2021/dsa-5015.wml 2021-11-30
> 20:18:13.568247162 +0500
> +++ 2021/dsa-5015.wml 2021-11-30 21:11:52.145603416 +0500
> @@ -1,33 +1,40 @@
> -<define-tag description>security update</define-tag>
> +#use wml::debian::translation-check
> translation="021ca29ce4441965338f6b5b1369a60cf47bb0b9" mindelta="1"
> maintainer="Lev Lamberov"
> +<define-tag description>обновление безопасности</define-tag>
> <define-tag moreinfo>
> -<p>Andrew Bartlett discovered that Samba, a SMB/CIFS file, print,
> and login
> -server for Unix, may map domain users to local users in an undesired
> -way. This could allow a user in an AD domain to potentially become
> root
> -on domain members.</p>
> -
> -<p>A new parameter <q>min domain uid</q> (default 1000) has been
> added to
> -specify the minimum uid allowed when mapping a local account to a
> domain
> -account.</p>
> -
> -<p>Further details and workarounds can be found in the upstream
> advisory
> -<a
> href="https://www.samba.org/samba/security/">https://www.samba.org/samba/security/
> </a><a
> href="https://security-tracker.debian.org/tracker/CVE-2020-25717">CVE
> -2020-25717</a>.html</p>
> -
> -<p>For the oldstable distribution (buster), this problem has been
> fixed
> -in version 2:4.9.5+dfsg-5+deb10u2. Additionally the update mitigates
> -<a
> href="https://security-tracker.debian.org/tracker/CVE-2020-25722">CVE
> -2020-25722</a>. Unfortunately the changes required to fix additional
> -CVEs affecting Samba as an AD-compatible domain controller are too
> -invasive to be backported. Thus users using Samba as an AD-
> compatible
> -domain controller are encouraged to migrate to Debian bullseye. From
> -this point onwards AD domain controller setups are no longer
> supported
> -in Debian oldstable.</p>
> -
> -<p>We recommend that you upgrade your samba packages.</p>
> -
> -<p>For the detailed security status of samba please refer to its
> security
> -tracker page at:
> -<a
> href="https://security-tracker.debian.org/tracker/samba">https://security-tracker.debian.org/tracker/samba
> </a></p>
> +<p>Эндрю Бартлет сообщил, что Samba, файловый сервер, сервер
> +печати и входа SMB/CIFS для Unix, может преобразовывать
> пользователей
> +домена в локальных пользователей нежелательным образом Это может
> +позволить пользователю в AD-домене потенциально стать
> суперпользователей
> +на машинах домена.</p>
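Review bot: The added line «домена в локальных пользователей нежелательным образом Это может» is missing the full stop between its two sentences. The English text being replaced reads "way. This could", so the translation should read «нежелательным образом. Это может». In the same paragraph, «стать суперпользователей» uses a plural ending where the instrumental singular is needed: «стать суперпользователем».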
Это потенциально даёт возможность пользователю в AD-домене стать
суперпользователЕМ ... ?
(English: "This potentially gives a user in an AD domain the ability to become superuser ... ?")