Kugadzirisa kuburitswa kweSamba package 4.14.2, 4.13.7 uye 4.12.14 kwakagadzirirwa, umo kusagadzikana kuviri kunogadziriswa:
- CVE-2020-27840 ibuffer mafashama inoitika kana ichigadzira yakasarudzika mazita eDN (Zita Rinosiyanisa). Anorwisa asingazivikanwe anogona kupaza Samba-based AD DC LDAP server nekutumira yakanyatsogadzirwa chikumbiro chekusunga. Sezvo panguva yekurwisa zvinokwanisika kudzora nzvimbo yekunyora patsva, mhedzisiro yakakomba haigone kubviswa kunze, sekuita kodhi yako pane sevha, asi hapana basa rekushandisa parizvino. Sezvo iyo DN tambo parsing kodhi inotungamira mukusagadzikana ichiitwa pachinhanho isati yatarisa maparamendi echokwadi, dambudziko rinogona kushandiswa neanorwisa asina account paserver.
- CVE-2021-20277 Iyo yekunze-ye-ma-buffer yekuverenga inoitika apo iyo AD DC LDAP sevha inogadzira yakanyatsogadzirwa-yakatsanangurwa sefa. Dambudziko rinogona kuita kuti sevha inobata iparare kana kudonhedza zvirimo kubva kumemory memory.
Source: opennet.ru