Updated samba packages fix security vulnerabilitiesPublication date: 28 Jan 2020
Affected Mageia releases : 7
CVE: CVE-2019-14902 , CVE-2019-14907 , CVE-2019-19344
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers (CVE-2019-14902). When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs. This can cause a crash after the failed character conversion when operating at log level 3 or above (CVE-2019-14907). During DNS zone scavenging (of expired dynamic entries) in a Samba AD DC, there is a read of memory after it has been freed (CVE-2019-19344). Note that manual intervention is required to fully implement the fix for CVE-2019-14902. See the upstream advisory for details.