Mageia 6: 2019-0011 Critical: Samba Infinite Recursion Denial Of Service

Mageia, January 5, 2019
MGASA-2019-0011 - Updated ldb, talloc, and samba packages fix security vulnerabilities Publication d

Summary

Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service (CVE-2018-14629).
Alex MacCuish discovered that a user with a valid certificate or smart card can crash the Samba AD DC's KDC when configured to accept smart-card authentication (CVE-2018-16841).
Garming Sam of the Samba Team and Catalyst discovered a NULL pointer dereference vulnerability in the Samba AD DC LDAP server allowing a user able to read more than 256MB of LDAP entries to crash the Samba AD DC's LDAP server (CVE-2018-16851).
Samba has been updated to version 4.7.12 of the 4.7.x stable branch, and the tdb, talloc, tevent, ldb, and cmocka packages have also been updated.
The sssd package has also been rebuilt against the updated ldb.
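The first issue above (CVE-2018-14629) is a CNAME loop that sends a resolver into unbounded recursion. The following added example is not Samba code and is not taken from this advisory; it models the same class of bug over a constructed in-memory zone: a naive resolver that follows CNAME records with no memory of where it has been, next to a guarded resolver that tracks visited names and caps chain length (`MAX_CNAME_CHAIN` is an assumed limit chosen for the example).

```python
"""Added example: CNAME chain resolution with and without loop protection.

Illustrative code only, not Samba's internal DNS server. The zone data is
constructed for the example and contains a deliberate two-name loop and a
self-referencing CNAME.
"""
from typing import Dict, List, Optional, Set, Tuple

# Constructed toy zone: owner name -> list of (rtype, rdata)
ZONE: Dict[str, List[Tuple[str, str]]] = {
    "www.example.test.": [("CNAME", "web.example.test.")],
    "web.example.test.": [("A", "192.0.2.10")],
    # CNAME loop: loop-a -> loop-b -> loop-a
    "loop-a.example.test.": [("CNAME", "loop-b.example.test.")],
    "loop-b.example.test.": [("CNAME", "loop-a.example.test.")],
    # CNAME pointing at itself
    "self.example.test.": [("CNAME", "self.example.test.")],
}

MAX_CNAME_CHAIN = 8  # assumed cap for this example; real resolvers use small limits too


class CnameLoopError(Exception):
    """Raised when following CNAMEs would revisit a name or exceed the cap."""


def resolve_unguarded(name: str, rtype: str = "A") -> Optional[str]:
    """Naive resolver: follows CNAMEs with no memory of visited names.

    On a looped zone it recurses until the interpreter stops it, which is
    the failure mode behind a CNAME-loop denial of service.
    """
    for rr_type, rdata in ZONE.get(name, []):
        if rr_type == rtype:
            return rdata
        if rr_type == "CNAME":
            return resolve_unguarded(rdata, rtype)
    return None


def resolve_guarded(name: str, rtype: str = "A",
                    visited: Optional[Set[str]] = None,
                    depth: int = 0) -> Optional[str]:
    """Hardened resolver: refuses to revisit a name and caps chain length."""
    if visited is None:
        visited = set()
    if name in visited:
        raise CnameLoopError(f"CNAME loop detected at {name}")
    if depth > MAX_CNAME_CHAIN:
        raise CnameLoopError(f"CNAME chain longer than {MAX_CNAME_CHAIN}")
    visited.add(name)
    for rr_type, rdata in ZONE.get(name, []):
        if rr_type == rtype:
            return rdata
        if rr_type == "CNAME":
            return resolve_guarded(rdata, rtype, visited, depth + 1)
    return None


def unguarded_exhausts_stack(name: str) -> bool:
    """True if the naive resolver hits Python's recursion limit on `name`."""
    try:
        resolve_unguarded(name)
    except RecursionError:
        return True
    return False


def guarded_rejects_loop(name: str) -> bool:
    """True if the hardened resolver reports a loop instead of recursing."""
    try:
        resolve_guarded(name)
    except CnameLoopError:
        return True
    return False


if __name__ == "__main__":
    print(resolve_guarded("www.example.test."))            # 192.0.2.10
    print(unguarded_exhausts_stack("loop-a.example.test."))  # True
    print(guarded_rejects_loop("loop-a.example.test."))      # True
```

The guarded version carries two independent checks on purpose: the visited set catches cycles of any length, while the depth cap bounds work even on very long non-cyclic chains, which is the behaviour a server wants when the zone content is not under its control.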

References

- https://bugs.mageia.org/show_bug.cgi?id=24061

- https://lists.debian.org/debian-security-announce/2018/msg00277.html

- https://www.cve.org/CVERecord?id=CVE-2018-14629

- https://www.cve.org/CVERecord?id=CVE-2018-16841

- https://www.cve.org/CVERecord?id=CVE-2018-16851

Resolution

SRPMS

- 6/core/tdb-1.3.14-1.mga6

- 6/core/talloc-2.1.11-1.1.mga6

- 6/core/tevent-0.9.36-1.1.mga6

- 6/core/ldb-1.2.3-1.mga6

- 6/core/cmocka-1.1.3-1.mga6

- 6/core/sssd-1.13.4-9.3.mga6

- 6/core/samba-4.7.12-1.1.mga6

Severity: critical

Publication date: 05 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0011.html
Type: security
CVE: CVE-2018-14629, CVE-2018-16841, CVE-2018-16851
