Updated samba packages fix security vulnerabilities
Publication date: 10 Nov 2020Modification date: 10 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-14318 , CVE-2020-14323 , CVE-2020-14383
Description
Steven French discovered that Samba incorrectly handled ChangeNotify
permissions. A remote attacker could possibly use this issue to obtain file
name information (CVE-2020-14318).
Bas Alberts discovered that Samba incorrectly handled certain winbind
requests. A remote attacker could possibly use this issue to cause winbind to
crash, resulting in a denial of service (CVE-2020-14323).
Francis Brosnan Blázquez discovered that Samba incorrectly handled certain
invalid DNS records. A remote attacker could possibly use this issue to cause
the DNS server to crash, resulting in a denial of service (CVE-2020-14383).
References
- https://bugs.mageia.org/show_bug.cgi?id=27488
- https://www.samba.org/samba/security/CVE-2020-14318.html
- https://www.samba.org/samba/security/CVE-2020-14323.html
- https://www.samba.org/samba/security/CVE-2020-14383.html
- https://ubuntu.com/security/notices/USN-4611-1
- https://lists.suse.com/pipermail/sle-security-updates/2020-October/007660.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383
SRPMS
7/core
- samba-4.10.18-1.1.mga7