Updated samba packages fix CVE-2013-4475
Publication date: 22 Nov 2013Modification date: 22 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4475
Description
Updated samba packages fix security vulnerabilities: Samba versions before 3.6.20 do not check the underlying file or directory ACL when opening an alternate data stream (CVE-2013-4475). Samba is not configured by default to support alternate data streams, so only servers that have enabled the streams_depot or streams_xattr VFS modules are affected.
References
SRPMS
3/core
- samba-3.6.15-1.2.mga3
2/core
- samba-3.6.5-2.4.mga2