Updated samba package fixes multiple vulnerabilities
Publication date: 12 Dec 2013
Modification date: 12 Dec 2013
Type: security
Affected Mageia releases: 3
CVE: CVE-2012-6150, CVE-2013-4408
Description
Updated samba packages fix security vulnerabilities:

Samba before 3.6.22 incorrectly allows login from authenticated users if the require_membership_of parameter of pam_winbind specifies only invalid group names (CVE-2012-6150).

It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code (CVE-2013-4408).
References
- http://www.samba.org/samba/security/CVE-2012-6150
- http://www.samba.org/samba/security/CVE-2013-4408
- http://www.debian.org/security/2013/dsa-2812
- https://bugs.mageia.org/show_bug.cgi?id=11871
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
SRPMS
3/core
- samba-3.6.15-1.3.mga3