Updated samba packages fix security vulnerability
Publication date: 10 Jul 2020Modification date: 10 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10730 , CVE-2020-10745 , CVE-2020-10760 , CVE-2020-14303
Description
Updated samba packages fix security vulnerabilities:
Andrew Bartlett discovered that Samba incorrectly handled certain LDAP
queries. A remote attacker could use this issue to cause Samba to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2020-10730).
Douglas Bagnall discovered that Samba incorrectly handled certain queries.
A remote attacker could possibly use this issue to cause a denial of
service (CVE-2020-10745).
Andrei Popa discovered that Samba incorrectly handled certain LDAP
queries. A remote attacker could use this issue to cause Samba to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2020-10760).
The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further
requests once it receives a empty (zero-length) UDP packet to port 137
(CVE-2020-14303).
References
- https://bugs.mageia.org/show_bug.cgi?id=26893
- https://www.samba.org/samba/security/CVE-2020-10730.html
- https://www.samba.org/samba/security/CVE-2020-10745.html
- https://www.samba.org/samba/security/CVE-2020-10760.html
- https://www.samba.org/samba/security/CVE-2020-14303.html
- https://www.samba.org/samba/history/samba-4.10.17.html
- https://ubuntu.com/security/notices/USN-4409-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10730
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10745
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10760
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14303
SRPMS
7/core
- ldb-1.5.8-1.mga7
- samba-4.10.17-1.mga7