
Debian 10 Buster DLA-3792-1 Moderate: Samba Security Fixes

April 22, 2024
Several vulnerabilities were discovered in Samba, the SMB/CIFS file, print, and login server for Unix.

Summary

CVE-2020-14318

Missing handle permissions check in ChangeNotify

CVE-2020-14323

Unprivileged user can crash winbind via invalid lookupsids DoS

CVE-2020-14383

DNS server crash via invalid records resulting from uninitialized
variables

CVE-2022-2127

Out-of-bounds read in winbind AUTH_CRAP

CVE-2022-3437

Heimdal des/des3 heap-based buffer overflow

CVE-2022-32742

Server memory information leak via SMB1

CVE-2023-4091

Client can truncate files even with read-only permissions

For Debian 10 buster, these problems have been fixed in version
2:4.9.5+dfsg-5+deb10u5.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/samba

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Package: samba
Version: 2:4.9.5+dfsg-5+deb10u5
CVE ID: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2022-2127
