MGASA-2018-0022
- Source
- https://advisories.mageia.org/MGASA-2018-0022.html
- Import Source
- https://advisories.mageia.org/MGASA-2018-0022.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2018-0022
- Related
- Published
- 2018-01-02T16:25:41Z
- Modified
- 2018-01-02T16:01:05Z
- Summary
- Updated samba packages fix security vulnerability
- Details
-
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2017-12150)
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote attacker could possibly use this issue to obtain server memory contents. (CVE-2017-12163)
Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15275)
- References
-
- https://advisories.mageia.org/MGASA-2018-0022.html
- https://bugs.mageia.org/show_bug.cgi?id=21743
- https://www.samba.org/samba/security/CVE-2017-12150.html
- https://www.samba.org/samba/security/CVE-2017-12163.html
- https://www.samba.org/samba/security/CVE-2017-15275.html
- https://usn.ubuntu.com/usn/usn-3426-2/
- https://usn.ubuntu.com/usn/usn-3486-2/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / samba
Package
- Name
- samba
- Purl
- pkg:rpm/mageia/samba?distro=mageia-5