On Tue, 2021-11-30 at 21:12 +0500, Lev Lamberov wrote: > --- ../../english/security/2021/dsa-5015.wml 2021-11-30 > 20:18:13.568247162 +0500 > +++ 2021/dsa-5015.wml 2021-11-30 21:11:52.145603416 +0500 > @@ -1,33 +1,40 @@ > -<define-tag description>security update</define-tag> > +#use wml::debian::translation-check > translation="021ca29ce4441965338f6b5b1369a60cf47bb0b9" mindelta="1" > maintainer="Lev Lamberov" > +<define-tag description>обновление безопасности</define-tag> > <define-tag moreinfo> > -<p>Andrew Bartlett discovered that Samba, a SMB/CIFS file, print, > and login > -server for Unix, may map domain users to local users in an undesired > -way. This could allow a user in an AD domain to potentially become > root > -on domain members.</p> > - > -<p>A new parameter <q>min domain uid</q> (default 1000) has been > added to > -specify the minimum uid allowed when mapping a local account to a > domain > -account.</p> > - > -<p>Further details and workarounds can be found in the upstream > advisory > -<a > href="https://www.samba.org/samba/security/";>https://www.samba.org/samba/security/ > </a><a > href="https://security-tracker.debian.org/tracker/CVE-2020-25717";>CVE > -2020-25717</a>.html</p> > - > -<p>For the oldstable distribution (buster), this problem has been > fixed > -in version 2:4.9.5+dfsg-5+deb10u2. Additionally the update mitigates > -<a > href="https://security-tracker.debian.org/tracker/CVE-2020-25722";>CVE > -2020-25722</a>. Unfortunately the changes required to fix additional > -CVEs affecting Samba as an AD-compatible domain controller are too > -invasive to be backported. Thus users using Samba as an AD- > compatible > -domain controller are encouraged to migrate to Debian bullseye. From > -this point onwards AD domain controller setups are no longer > supported > -in Debian oldstable.</p> > - > -<p>We recommend that you upgrade your samba packages.</p> > - > -<p>For the detailed security status of samba please refer to its > security > -tracker page at: > -<a > href="https://security-tracker.debian.org/tracker/samba";>https://security-tracker.debian.org/tracker/samba > </a></p> > +<p>Эндрю Бартлет сообщил, что Samba, файловый сервер, сервер > +печати и входа SMB/CIFS для Unix, может преобразовывать > пользователей > +домена в локальных пользователей нежелательным образом Это может > +позволить пользователю в AD-домене потенциально стать > суперпользователей > +на машинах домена.</p>
Это потенциально даёт возможность пользователю в AD-домене стать суперпользователЕМ ... ?
