Mageia: 2020-0058 Moderate: Samba ACL and Memory Issues
mageia
January 28, 2020
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers (CVE-2019-...
Summary
The implementation of ACL inheritance in the Samba AD DC was not
complete, and so absent a 'full-sync' replication, ACLs could get out of
sync between domain controllers (CVE-2019-14902).
When processing untrusted string input Samba can read past the end of
the allocated buffer when printing a "Conversion error" message to the
logs. This can cause a crash after the failed character conversion when
operating at log level 3 or above (CVE-2019-14907).
During DNS zone scavenging (of expired dynamic entries) in a Samba AD
DC, there is a read of memory after it has been freed (CVE-2019-19344).
Note that manual intervention is required to fully implement the fix
for CVE-2019-14902. See the upstream advisory for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=26113
- https://ubuntu.com/security/notices/USN-4244-1
-
-
-
-
- https://www.cve.org/CVERecord?id=CVE-2019-14902
- https://www.cve.org/CVERecord?id=CVE-2019-14907
- https://www.cve.org/CVERecord?id=CVE-2019-19344
Topics Covered
Resolution
SRPMS
- 7/core/samba-4.10.12-1.mga7
PREVIOUS 
NEXT Publication date: 28 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0058.html
Type: security
CVE: CVE-2019-14902, CVE-2019-14907, CVE-2019-19344
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!