Updated samba packages fix security vulnerabilities
Publication date: 30 Oct 2018Modification date: 30 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-10858 , CVE-2018-10919
Description
Updated samba packages fix security vulnerabilities: A malicious server could return a directory entry that could corrupt libsmbclient memory (CVE-2018-10858). Missing access control checks allow discovery of confidential attribute values via authenticated LDAP search expressions (CVE-2018-10919). The samba package has been updated to version 4.6.16, fixing these issues and other bugs.
References
- https://bugs.mageia.org/show_bug.cgi?id=23444
- https://www.samba.org/samba/security/CVE-2018-10858.html
- https://www.samba.org/samba/security/CVE-2018-10919.html
- https://www.samba.org/samba/history/samba-4.6.13.html
- https://www.samba.org/samba/history/samba-4.6.14.html
- https://www.samba.org/samba/history/samba-4.6.15.html
- https://www.samba.org/samba/history/samba-4.6.16.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919
SRPMS
6/core
- samba-4.6.16-1.mga6