Advisories ยป MGASA-2017-0145

Updated samba packages fix security vulnerability

Publication date: 25 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2126 , CVE-2017-2619 , CVE-2017-7494


A flaw was found in the way Samba handled PAC (Privilege Attribute
Certificate) checksums. A remote, authenticated attacker could use this
flaw to crash the winbindd process (CVE-2016-2126).

Jann Horn discovered that Samba incorrectly handled symlinks. An
authenticated remote attacker could use this issue to access files on the
server outside of the exported directories (CVE-2017-2619).

A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw
to execute arbitrary code as root (CVE-2017-7494).