MGASA-2021-0287

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0287.html

Import Source

https://advisories.mageia.org/MGASA-2021-0287.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0287

Related

Published

2021-06-25T14:43:41Z

Modified

2021-06-25T13:32:06Z

Summary

Updated samba and ldb packages fix security vulnerabilities

Details

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability (CVE-2020-27840).

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2021-20254).

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability (CVE-2021-20277).

Also, the samba package for Mageia 7 fixes a scriplet issue when updating.

Additionally, the sssd package has been rebuilt for the updated ldb package.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / ldb

Package

Name: ldb
Purl: pkg:rpm/mageia/ldb?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.5-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / samba

Package

Name: samba
Purl: pkg:rpm/mageia/samba?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.15-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / sssd

Package

Name: sssd
Purl: pkg:rpm/mageia/sssd?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-1.1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / ldb

Package

Name: ldb
Purl: pkg:rpm/mageia/ldb?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.8-1.1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / samba

Package

Name: samba
Purl: pkg:rpm/mageia/samba?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.10.18-1.3.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / sssd

Package

Name: sssd
Purl: pkg:rpm/mageia/sssd?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.3-3.3.mga7

Ecosystem specific

{
    "section": "core"
}