Advisories » MGASA-2013-0369

Updated samba package fixes multiple vulnerabilities

Publication date: 12 Dec 2013
Modification date: 12 Dec 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2012-6150 , CVE-2013-4408

Description

Updated samba packages fix security vulnerabilities:

Samba before 3.6.22 incorrectly allows login from authenticated users if the
require_membership_of parameter of pam_winbind specifies only invalid group
names (CVE-2012-6150).

It was discovered that multiple buffer overflows in the processing of DCE-RPC
packets may lead to the execution of arbitrary code (CVE-2013-4408).
                

References

• http://www.samba.org/samba/security/CVE-2012-6150
• http://www.samba.org/samba/security/CVE-2013-4408
• http://www.debian.org/security/2013/dsa-2812
• https://bugs.mageia.org/show_bug.cgi?id=11871
• https://www.cve.org/CVERecord?id=CVE-2012-6150
• https://www.cve.org/CVERecord?id=CVE-2013-4408

SRPMS

3/core

• samba-3.6.15-1.3.mga3