MGASA-2026-0142

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0142.html

Import Source

https://advisories.mageia.org/MGASA-2026-0142.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0142

Upstream

CVE-2018-14628

CVE-2025-10230

CVE-2025-9640

Published

2026-05-16T00:52:55Z

Modified

2026-05-16T01:00:06.741183Z

Summary

Updated samba packages fix security vulnerabilities

Details

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. (CVE-2018-14628) Command injection in wins server hook script. (CVE-2025-10230) vfsstreamsxattr uninitialized memory write possible. (CVE-2025-9640)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / samba

Package

Name: samba
Purl: pkg:rpm/mageia/samba?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.17.12-1.2.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0142.json"