MGASA-2019-0397

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0397.html

Import Source

https://advisories.mageia.org/MGASA-2019-0397.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0397

Related

Published

2019-12-19T13:44:26Z

Modified

2019-12-19T13:25:05Z

Summary

Updated samba packages fix security vulnerabilities

Details

Updated samba packages fix security vulnerabilities:

Malicious servers can cause Samba client code to return filenames containing path separators to calling code (CVE-2019-10218).

When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string (CVE-2019-14833).

Users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax (CVE-2019-14847).

An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name (CVE-2019-14861).

The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC (CVE-2019-14870).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / ldb

Package

Name: ldb
Purl: pkg:rpm/mageia/ldb?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.6-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / samba

Package

Name: samba
Purl: pkg:rpm/mageia/samba?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.10.11-1.mga7

Ecosystem specific

{
    "section": "core"
}