Advisories ยป MGASA-2018-0424

Updated samba packages fix security vulnerabilities

Publication date: 30 Oct 2018
Modification date: 30 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-10858 , CVE-2018-10919

Description

Updated samba packages fix security vulnerabilities:

A malicious server could return a directory entry that could corrupt
libsmbclient memory (CVE-2018-10858).

Missing access control checks allow discovery of confidential attribute
values via authenticated LDAP search expressions (CVE-2018-10919).

The samba package has been updated to version 4.6.16, fixing these issues
and other bugs.
                

References

SRPMS

6/core