{
  "schema_version": "1.7.0",
  "id": "MGASA-2026-0142",
  "published": "2026-05-16T00:52:55Z",
  "modified": "2026-05-16T00:04:03Z",
  "summary": "Updated samba packages fix security vulnerabilities",
  "details": "An information leak vulnerability was discovered in Samba's LDAP server.\nDue to missing access control checks, an authenticated but unprivileged\nattacker could discover the names and preserved attributes of deleted\nobjects in the LDAP store. (CVE-2018-14628)\nCommand injection in wins server hook script. (CVE-2025-10230)\nvfs_streams_xattr uninitialized memory write possible. (CVE-2025-9640)\n",
  "upstream": [
    "CVE-2018-14628",
    "CVE-2025-10230",
    "CVE-2025-9640"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2026-0142.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=34672"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2025/10/15/2"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "samba",
        "purl": "pkg:rpm/mageia/samba?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.17.12-1.2.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}