samba -- Multiple Vulnerabilities

The Samba Team reports:

• CVE-2020-25717: A user in an AD Domain could become root on domain members.
• CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC.
• CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets.
• CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid).
• CVE-2020-25722: Samba AD DC did not do sufficient access and conformance checking of data stored.
• CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication.
• CVE-2021-3738: Use after free in Samba AD DC RPC server.
• CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.

[source]