MGASA-2016-0094

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0094.html

Import Source

https://advisories.mageia.org/MGASA-2016-0094.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0094

Related

Published

2016-03-03T17:43:41Z

Modified

2016-03-03T17:39:05Z

Summary

Updated samba packages fix security vulnerabilities

Details

Updated ldb and samba packages fix security vulnerabilities:

A malicious client can send packets that cause the LDAP server in the samba daemon process to become unresponsive, preventing the server from servicing any other requests (CVE-2015-3223).

Versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to a bug in symlink verification, which under certain circumstances could allow client access to files outside the exported share path (CVE-2015-5252).

Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that signing is negotiated when creating an encrypted client connection to a server. Without this, a man-in-the-middle attack could downgrade the connection and connect using the supplied credentials as an unsigned, unencrypted connection (CVE-2015-5296).

Versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to a missing access control check in the vfsshadowcopy2 module, which could allow unauthorized users to access snapshots (CVE-2015-5299).

A malicious client can send packets that cause the LDAP server in the samba daemon process to return heap memory beyond the length of the requested value. This memory may contain data that the client should not be allowed to see, allowing compromise of the server (CVE-2015-5330).

The talloc, tdb, tevent, and ldb packages have been updated to their lastest versions, and the samba package has been patched to fix these issues.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / talloc

Package

Name: talloc
Purl: pkg:rpm/mageia/talloc?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.5-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / tdb

Package

Name: tdb
Purl: pkg:rpm/mageia/tdb?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.8-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / tevent

Package

Name: tevent
Purl: pkg:rpm/mageia/tevent?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.28-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / ldb

Package

Name: ldb
Purl: pkg:rpm/mageia/ldb?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.26-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / samba

Package

Name: samba
Purl: pkg:rpm/mageia/samba?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.25-2.1.mga5

Ecosystem specific

{
    "section": "core"
}