MGASA-2019-0286
- Source
- https://advisories.mageia.org/MGASA-2019-0286.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0286.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2019-0286
- Related
- Published
- 2019-09-21T16:04:55Z
- Modified
- 2019-10-20T15:03:08Z
- Summary
- Updated samba packages fix security vulnerabilities
- Details
-
Updated samba packages fix security vulnerabilities:
A combination of parameters and permissions in smb.conf can allow user to escape from the share path definition (CVE-2019-10197).
An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference (CVE-2019-12435)
An user with read access to the directory can cause a NULL pointer dereference using the paged search control (CVE-2019-12436).
For other fixes in this update, see the referenced changelogs.
- References
-
- https://advisories.mageia.org/MGASA-2019-0286.html
- https://bugs.mageia.org/show_bug.cgi?id=24980
- https://www.samba.org/samba/history/samba-4.10.5.html
- https://www.samba.org/samba/history/samba-4.10.6.html
- https://www.samba.org/samba/history/samba-4.10.7.html
- https://www.samba.org/samba/history/samba-4.10.8.html
- https://www.samba.org/samba/security/CVE-2019-12435.html
- https://www.samba.org/samba/security/CVE-2019-12436.html
- https://www.samba.org/samba/security/CVE-2019-10197.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / samba
Package
- Name
- samba
- Purl
- pkg:rpm/mageia/samba?distro=mageia-7
Mageia:7 / ldb
Package
- Name
- ldb
- Purl
- pkg:rpm/mageia/ldb?distro=mageia-7