Advisories » MGASA-2020-0410

Updated samba packages fix security vulnerabilities

Publication date: 10 Nov 2020
Modification date: 10 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-14318 , CVE-2020-14323 , CVE-2020-14383

Description

Steven French discovered that Samba incorrectly handled ChangeNotify
permissions. A remote attacker could possibly use this issue to obtain file
name information (CVE-2020-14318).

Bas Alberts discovered that Samba incorrectly handled certain winbind
requests. A remote attacker could possibly use this issue to cause winbind to
crash, resulting in a denial of service (CVE-2020-14323).

Francis Brosnan Blázquez discovered that Samba incorrectly handled certain
invalid DNS records. A remote attacker could possibly use this issue to cause
the DNS server to crash, resulting in a denial of service (CVE-2020-14383).
                

References

SRPMS

7/core