MGASA-2020-0205

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0205.html

Import Source

https://advisories.mageia.org/MGASA-2020-0205.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0205

Related

Published

2020-05-08T10:57:54Z

Modified

2020-05-08T10:23:37Z

Summary

Updated samba packages fix security vulnerabilities

Details

Updated samba packages fix security vulnerabilities:

A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server (CVE-2020-10700).

A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV (CVE-2020-10704).

The samba package has been updated to version 4.10.15, fixing these issues and other bugs. The ldb package has been updated to version 1.5.7. The sssd package has been rebuilt for the updated ldb.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / samba

Package

Name: samba
Purl: pkg:rpm/mageia/samba?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.10.15-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / sssd

Package

Name: sssd
Purl: pkg:rpm/mageia/sssd?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.3-3.2.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / ldb

Package

Name: ldb
Purl: pkg:rpm/mageia/ldb?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.7-1.mga7

Ecosystem specific

{
    "section": "core"
}