Пт 03 дек 2021 @ 17:25 Galina Anikina <meril...@yandex.ru>: > On Tue, 2021-11-30 at 21:12 +0500, Lev Lamberov wrote: >> --- ../../english/security/2021/dsa-5015.wml 2021-11-30 >> 20:18:13.568247162 +0500 >> +++ 2021/dsa-5015.wml 2021-11-30 21:11:52.145603416 +0500 >> @@ -1,33 +1,40 @@ >> -<define-tag description>security update</define-tag> >> +#use wml::debian::translation-check >> translation="021ca29ce4441965338f6b5b1369a60cf47bb0b9" mindelta="1" >> maintainer="Lev Lamberov" >> +<define-tag description>обновление безопасности</define-tag> >> <define-tag moreinfo> >> -<p>Andrew Bartlett discovered that Samba, a SMB/CIFS file, print, >> and login >> -server for Unix, may map domain users to local users in an undesired >> -way. This could allow a user in an AD domain to potentially become >> root >> -on domain members.</p> >> - >> -<p>A new parameter <q>min domain uid</q> (default 1000) has been >> added to >> -specify the minimum uid allowed when mapping a local account to a >> domain >> -account.</p> >> - >> -<p>Further details and workarounds can be found in the upstream >> advisory >> -<a >> href="https://www.samba.org/samba/security/">https://www.samba.org/samba/security/ >> </a><a >> href="https://security-tracker.debian.org/tracker/CVE-2020-25717">CVE >> -2020-25717</a>.html</p> >> - >> -<p>For the oldstable distribution (buster), this problem has been >> fixed >> -in version 2:4.9.5+dfsg-5+deb10u2. Additionally the update mitigates >> -<a >> href="https://security-tracker.debian.org/tracker/CVE-2020-25722">CVE >> -2020-25722</a>. Unfortunately the changes required to fix additional >> -CVEs affecting Samba as an AD-compatible domain controller are too >> -invasive to be backported. Thus users using Samba as an AD- >> compatible >> -domain controller are encouraged to migrate to Debian bullseye. From >> -this point onwards AD domain controller setups are no longer >> supported >> -in Debian oldstable.</p> >> - >> -<p>We recommend that you upgrade your samba packages.</p> >> - >> -<p>For the detailed security status of samba please refer to its >> security >> -tracker page at: >> -<a >> href="https://security-tracker.debian.org/tracker/samba">https://security-tracker.debian.org/tracker/samba >> </a></p> >> +<p>Эндрю Бартлет сообщил, что Samba, файловый сервер, сервер >> +печати и входа SMB/CIFS для Unix, может преобразовывать >> пользователей >> +домена в локальных пользователей нежелательным образом Это может >> +позволить пользователю в AD-домене потенциально стать >> суперпользователей >> +на машинах домена.</p> > > Это потенциально даёт возможность пользователю в AD-домене стать > суперпользователЕМ ... > ?
Исправил. Спасибо!