Updated samba packages fix security vulnerability
Publication date: 23 Aug 2023Modification date: 23 Aug 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-2127 , CVE-2023-3347 , CVE-2023-34966 , CVE-2023-34967 , CVE-2023-34968
Description
Out-of-bounds read due to insufficient length checks in
winbindd_pam_auth_crap.c (CVE-2022-2127)
Improper SMB2 packet signing mechanism leading to man in the middle risk
(CVE-2023-3347)
Infinite loop vulnerability was found in Samba's mdssvc RPC service for
Spotlight (CVE-2023-34966)
Type Confusion vulnerability was found in Samba's mdssvc RPC service for
Spotlight (CVE-2023-34967)
Path disclosure vulnerability in the Spotlight protocol (CVE-2023-34968)
References
- https://bugs.mageia.org/show_bug.cgi?id=32152
- https://www.samba.org/samba/security/CVE-2023-34967.html
- https://www.samba.org/samba/security/CVE-2022-2127.html
- https://www.samba.org/samba/security/CVE-2023-34968.html
- https://www.samba.org/samba/security/CVE-2023-34966.html
- https://www.samba.org/samba/security/CVE-2023-3347.html
- https://www.samba.org/samba/history/samba-4.16.11.html
- https://www.samba.org/samba/history/samba-4.17.10.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3347
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968
SRPMS
8/core
- samba-4.16.11-1.mga8