Description
* It was found that Samba always requested forwardable tickets when using
Kerberos authentication. A service to which Samba authenticated using Kerberos
could subsequently use the ticket to impersonate Samba to other services or
domain users. (CVE-2016-2125)
* A flaw was found in the way Samba handled PAC (Privilege Attribute
Certificate) checksums. A remote, authenticated attacker could use this flaw to
crash the winbindd process. (CVE-2016-2126)
* A race condition was found in samba server. A malicious samba client could use
this flaw to access files and directories, in areas of the server file system
not exported under the share definitions. (CVE-2017-2619)