12 matches found
SUSE: Security Advisory (SUSE-SU-2020:0223-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 8 package samba-DC version 4.9.18-alt1
4.9.18-alt1 built Feb. 12, 2020 Evgeny Sinelnikov in task 245130 Jan. 24, 2020 Evgeny Sinelnikov - Update to latest security release of the Samba 4.9 - Security fixes: + CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic + CVE-2019-14907: Crash after...
openSUSE: Security Advisory for samba (openSUSE-SU-2020:0122_1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for samba (moderate)
openSUSE Security Update: Security update for samba Announcement ID: openSUSE-SU-2020:0122-1 Rating: moderate References: 1141320 1160850 1160852 1160888 Cross-References: CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 Affected Products: openSUSE Leap 15.1 An update that solves three vulnerabilitie...
MGASA-2020-0058 Updated samba packages fix security vulnerabilities
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers CVE-2019-14902. When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...
Updated samba packages fix security vulnerabilities
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers CVE-2019-14902. When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...
SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:0223-1)
This update for samba fixes the following issues : Security issues fixed : CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing bsc1160888. CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not workin...
Security fix for the ALT Linux 10 package samba version 4.10.13-alt1
Jan. 24, 2020 Evgeny Sinelnikov 4.10.13-alt1 - Update to latest stable release of the Samba 4.10 - Security fixes: + CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic + CVE-2019-14907: Crash after failed character conversion at log level 3 or above +...
Ubuntu: Security Advisory (USN-4244-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4244-1: Samba vulnerabilities
It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-14902 Robert Święcki discovered that Samba incorrectly handled...
USN-4244-1 samba vulnerabilities
It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-14902 Robert Święcki discovered that Samba incorrectly handled...
Use after free during DNS zone scavenging
Description Samba 4.9 introduced an off-by-default feature to tombstone dynamically created DNS records that had reached their expiry time. This feature is controlled by the smb.conf option: dns zone scavenging = yes There is a use-after-free issue in this code, essentially due to a call to reall...