MGASA-2019-0011

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0011.html

Import Source

https://advisories.mageia.org/MGASA-2019-0011.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0011

Related

Published

2019-01-05T18:30:16Z

Modified

2019-01-05T18:03:54Z

Summary

Updated ldb, talloc, and samba packages fix security vulnerabilities

Details

Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service (CVE-2018-14629).

Alex MacCuish discovered that a user with a valid certificate or smart card can crash the Samba AD DC's KDC when configured to accept smart-card authentication (CVE-2018-16841).

Garming Sam of the Samba Team and Catalyst discovered a NULL pointer dereference vulnerability in the Samba AD DC LDAP server allowing a user able to read more than 256MB of LDAP entries to crash the Samba AD DC's LDAP server (CVE-2018-16851).

Samba has been updated to version 4.7.12 of the 4.7.x stable branch, and the tdb, talloc, tevent, ldb, and cmocka packages have also been updated.

The sssd package has also been rebuilt against the updated ldb.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / tdb

Package

Name: tdb
Purl: pkg:rpm/mageia/tdb?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.14-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / talloc

Package

Name: talloc
Purl: pkg:rpm/mageia/talloc?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.11-1.1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / tevent

Package

Name: tevent
Purl: pkg:rpm/mageia/tevent?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.36-1.1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / ldb

Package

Name: ldb
Purl: pkg:rpm/mageia/ldb?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / cmocka

Package

Name: cmocka
Purl: pkg:rpm/mageia/cmocka?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.3-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / sssd

Package

Name: sssd
Purl: pkg:rpm/mageia/sssd?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.13.4-9.3.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / samba

Package

Name: samba
Purl: pkg:rpm/mageia/samba?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.7.12-1.1.mga6

Ecosystem specific

{
    "section": "core"
}