Gentoo FoundationMGASA-2020-0058Updated samba packages fix security vulnerabilities
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
78.2%
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a ‘full-sync’ replication, ACLs could get out of sync between domain controllers (CVE-2019-14902). When processing untrusted string input Samba can read past the end of the allocated buffer when printing a “Conversion error” message to the logs. This can cause a crash after the failed character conversion when operating at log level 3 or above (CVE-2019-14907). During DNS zone scavenging (of expired dynamic entries) in a Samba AD DC, there is a read of memory after it has been freed (CVE-2019-19344). Note that manual intervention is required to fully implement the fix for CVE-2019-14902. See the upstream advisory for details.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | samba | < 4.10.12-1 | samba-4.10.12-1.mga7 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
78.2%