Advisories ยป MGASA-2013-0348

Updated samba packages fix CVE-2013-4475

Publication date: 22 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4475

Description

Updated samba packages fix security vulnerabilities:

Samba versions before 3.6.20 do not check the underlying file or directory ACL
when opening an alternate data stream (CVE-2013-4475).

Samba is not configured by default to support alternate data streams, so only
servers that have enabled the streams_depot or streams_xattr VFS modules are
affected.
                

References

SRPMS

3/core

2/core