Updated samba packages fix security vulnerabilitiesPublication date: 13 Apr 2018
Affected Mageia releases : 5 , 6
CVE: CVE-2018-1050 , CVE-2018-1057
It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon (CVE-2018-1050). Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users passwords, including administrative users (CVE-2018-1057). Note that Mageia 5 was only affected by the CVE-2018-1050 issue.