Updated samba packages fix CVE-2013-4475
Publication date: 22 Nov 2013Modification date: 22 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4475
Description
Updated samba packages fix security vulnerabilities:
Samba versions before 3.6.20 do not check the underlying file or directory ACL
when opening an alternate data stream (CVE-2013-4475).
Samba is not configured by default to support alternate data streams, so only
servers that have enabled the streams_depot or streams_xattr VFS modules are
affected.
References
SRPMS
2/core
- samba-3.6.5-2.4.mga2
3/core
- samba-3.6.15-1.2.mga3