samba: fix three CVEs

CVE-2021-44142: out-of-bounds heap read/write
CVE-2020-25717: user can become root
CVE-2020-25719: AD DC does not always rely on the SID and PAC

=== testing

Boot iso and check rpm versions.  Only samba
libraries are included in the image.

===

Closes-bug: 1964842
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Change-Id: I55a97b662ac24c1ba9852a09d8e40b5a40f67945

centos-mirror-tools/config/centos/flock/rpms_centos3rdparties.lst

@@ -40,7 +40,7 @@ libss-devel-1.42.9-13.el7.x86_64.rpm
 libtalloc-2.1.13-1.el7.x86_64.rpm
 libtdb-1.3.18-1.el7.x86_64.rpm
 libtevent-0.9.39-1.el7.x86_64.rpm
-libwbclient-4.10.16-5.el7.x86_64.rpm
+libwbclient-4.10.16-18.el7_9.x86_64.rpm
 lvm2-2.02.177-4.el7.x86_64.rpm
 lvm2-libs-2.02.177-4.el7.x86_64.rpm
 # nss-softokn-3.67.0-3.el7_9.x86_64.rpm provided by mock
@@ -77,9 +77,9 @@ python-virtualenv-15.1.0-2.el7.noarch.rpm
 qemu-vanilla-4.1.1+git.99c5874a9b-3.1.x86_64.rpm
 qemu-vanilla-bin-4.1.1+git.99c5874a9b-3.1.x86_64.rpm
 qemu-vanilla-data-4.1.1+git.99c5874a9b-3.1.x86_64.rpm
-samba-client-libs-4.10.16-5.el7.x86_64.rpm
-samba-common-4.10.16-5.el7.noarch.rpm
-samba-common-libs-4.10.16-5.el7.x86_64.rpm
+samba-client-libs-4.10.16-18.el7_9.x86_64.rpm
+samba-common-4.10.16-18.el7_9.noarch.rpm
+samba-common-libs-4.10.16-18.el7_9.x86_64.rpm
 selinux-policy-3.13.1-229.el7_6.6.noarch.rpm
 selinux-policy-minimum-3.13.1-229.el7_6.6.noarch.rpm
 selinux-policy-mls-3.13.1-229.el7_6.6.noarch.rpm