MGASA-2020-0058 Updated samba packages fix security vulnerabilities
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers (CVE-2019-14902). When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...
Updated samba packages fix security vulnerabilities
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers (CVE-2019-14902). When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...
FreeBSD : samba -- multiple vulnerabilities (5f0dd349-40a2-11ea-8d8c-005056a311d1)
The Samba Team reports: CVE-2019-14902 The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers. CVE-2019-14907 When processing untrusted string input Samba can read past the end of t...
Samba 4.x < 4.9.18 / 4.10.x < 4.10.12 / 4.11.x < 4.11.5 Multiple Vulnerabilities
The version of Samba running on the remote host is 4.x prior to 4.9.18, 4.10.x prior to 4.10.12, or 4.11.x prior to 4.11.5. It is, therefore, affected by multiple vulnerabilities: - An issue exists with ACL inheritance due to added or removed delegated rights not being inherited across domain...
USN-4244-1 samba vulnerabilities
It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-14902 Robert Święcki discovered that Samba incorrectly handled...
CVE-2019-14902
A flaw was found in samba. A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made; the removal would not automatically be taken away on all domain controllers. The highest threat from this...
Replication of ACLs set to inherit down a
Description A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made. For example: - if a user or group was previously delegated the right to create or modify a subtree say to allow desktop suppor...
The vulnerability of Google Chrome, related to errors in inheriting security policies for new documents, allows a perpetrator to compromise the integrity of data.
The vulnerability of Google Chrome is related to errors in inheriting security policies for new documents. Exploiting this vulnerability can allow a malicious actor to compromise data integrity through a specially created HTML page...
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this fl...
Unspecified Vulnerability in CloudBees Jenkins Project Inheritance Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Project Inheritance Plugin is used in one of...
CloudBees Project Inheritance Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Project Inheritance Plugin is used in one of...
CloudBees Jenkins Project Inheritance Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Project Inheritance Plugin is used in one of...
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
CVE-2019-10409
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...
CVE-2019-10408
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...
Code injection
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...