Advisories » MGASA-2026-0142

Updated samba packages fix security vulnerabilities

Publication date: 16 May 2026
Modification date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2018-14628 , CVE-2025-10230 , CVE-2025-9640

Description

An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted
objects in the LDAP store. (CVE-2018-14628)
Command injection in wins server hook script. (CVE-2025-10230)
vfs_streams_xattr uninitialized memory write possible. (CVE-2025-9640)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34672
• https://www.openwall.com/lists/oss-security/2025/10/15/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14628
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10230
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9640

SRPMS

9/core

• samba-4.17.12-1.2.mga9