Advisories ยป MGASA-2013-0369

Updated samba package fixes multiple vulnerabilities

Publication date: 12 Dec 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2012-6150 , CVE-2013-4408

Description

Updated samba packages fix security vulnerabilities:

Samba before 3.6.22 incorrectly allows login from authenticated users if the
require_membership_of parameter of pam_winbind specifies only invalid group
names (CVE-2012-6150).

It was discovered that multiple buffer overflows in the processing of DCE-RPC
packets may lead to the execution of arbitrary code (CVE-2013-4408).
                

References

SRPMS

3/core