Advisories ยป MGASA-2018-0201

Updated samba packages fix security vulnerabilities

Publication date: 13 Apr 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-1050 , CVE-2018-1057


It was discovered that Samba is prone to a denial of service attack when
the RPC spoolss service is configured to be run as an external daemon

Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP
server incorrectly validates permissions to modify passwords over LDAP
allowing authenticated users to change any other users passwords,
including administrative users (CVE-2018-1057).

Note that Mageia 5 was only affected by the CVE-2018-1050 issue.