MGASA-2019-0152

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0152.html

Import Source

https://advisories.mageia.org/MGASA-2019-0152.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0152

Related

Published

2019-05-07T21:38:09Z

Modified

2019-05-07T21:01:21Z

Summary

Updated ldb packages fix security vulnerability

Details

Garming Sam reported an out-of-bounds read in the ldbwildcardcompare() function of ldb, resulting in denial of service (CVE-2019-3824).

The ldb package has been updated to version 1.2.4 to fix this issue. The sssd and samba packages have been rebuilt against the updated ldb.

If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. (CVE-2019-3811)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / ldb

Package

Name: ldb
Purl: pkg:rpm/mageia/ldb?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.4-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / samba

Package

Name: samba
Purl: pkg:rpm/mageia/samba?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.7.12-1.2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / sssd

Package

Name: sssd
Purl: pkg:rpm/mageia/sssd?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.13.4-9.5.mga6

Ecosystem specific

{
    "section": "core"
}