Advisories ยป MGASA-2019-0286

Updated samba packages fix security vulnerabilities

Publication date: 21 Sep 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-10197 , CVE-2019-12435 , CVE-2019-12436


Updated samba packages fix security vulnerabilities:

A combination of parameters and permissions in smb.conf can allow user
to escape from the share path definition (CVE-2019-10197).

An authenticated user can crash the Samba AD DC's RPC server process via
a NULL pointer dereference (CVE-2019-12435)

An user with read access to the directory can cause a NULL pointer
dereference using the paged search control (CVE-2019-12436).

For other fixes in this update, see the referenced changelogs.