Updated samba packages fix security vulnerability
Publication date: 25 May 2017Modification date: 25 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2126 , CVE-2017-2619 , CVE-2017-7494
Description
A flaw was found in the way Samba handled PAC (Privilege Attribute
Certificate) checksums. A remote, authenticated attacker could use this
flaw to crash the winbindd process (CVE-2016-2126).
Jann Horn discovered that Samba incorrectly handled symlinks. An
authenticated remote attacker could use this issue to access files on the
server outside of the exported directories (CVE-2017-2619).
A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw
to execute arbitrary code as root (CVE-2017-7494).
References
- https://bugs.mageia.org/show_bug.cgi?id=20558
- https://www.samba.org/samba/security/CVE-2016-2126.html
- https://www.samba.org/samba/security/CVE-2017-2619.html
- https://www.samba.org/samba/security/CVE-2017-7494.html
- https://rhn.redhat.com/errata/RHSA-2017-0662.html
- https://www.ubuntu.com/usn/usn-3242-1/
- https://www.ubuntu.com/usn/usn-3242-2/
- https://rhn.redhat.com/errata/RHSA-2017-1270.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
SRPMS
5/core
- samba-3.6.25-2.7.mga5