What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0247 - Updated samba packages fix security vulnerability

Publication date: 23 Aug 2023
URL: https://advisories.mageia.org/MGASA-2023-0247.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2127,
     CVE-2023-3347,
     CVE-2023-34966,
     CVE-2023-34967,
     CVE-2023-34968

Out-of-bounds read due to insufficient length checks in
winbindd_pam_auth_crap.c (CVE-2022-2127)
Improper SMB2 packet signing mechanism leading to man in the middle risk
(CVE-2023-3347)
Infinite loop vulnerability was found in Samba's mdssvc RPC service for
Spotlight (CVE-2023-34966)
Type Confusion vulnerability was found in Samba's mdssvc RPC service for
Spotlight (CVE-2023-34967)
Path disclosure vulnerability in the Spotlight protocol (CVE-2023-34968)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32152
- https://www.samba.org/samba/security/CVE-2023-34967.html
- https://www.samba.org/samba/security/CVE-2022-2127.html
- https://www.samba.org/samba/security/CVE-2023-34968.html
- https://www.samba.org/samba/security/CVE-2023-34966.html
- https://www.samba.org/samba/security/CVE-2023-3347.html
- https://www.samba.org/samba/history/samba-4.16.11.html
- https://www.samba.org/samba/history/samba-4.17.10.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3347
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968

SRPMS:
- 8/core/samba-4.16.11-1.mga8

Mageia 2023-0247: samba security update

Out-of-bounds read due to insufficient length checks in winbindd_pam_auth_crap.c (CVE-2022-2127) Improper SMB2 packet signing mechanism leading to man in the middle risk (CVE-2023-...

Summary

Out-of-bounds read due to insufficient length checks in winbindd_pam_auth_crap.c (CVE-2022-2127) Improper SMB2 packet signing mechanism leading to man in the middle risk (CVE-2023-3347) Infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight (CVE-2023-34966) Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight (CVE-2023-34967) Path disclosure vulnerability in the Spotlight protocol (CVE-2023-34968)

References

- https://bugs.mageia.org/show_bug.cgi?id=32152

- https://www.samba.org/samba/security/CVE-2023-34967.html

- https://www.samba.org/samba/security/CVE-2022-2127.html

- https://www.samba.org/samba/security/CVE-2023-34968.html

- https://www.samba.org/samba/security/CVE-2023-34966.html

- https://www.samba.org/samba/security/CVE-2023-3347.html

- https://www.samba.org/samba/history/samba-4.16.11.html

- https://www.samba.org/samba/history/samba-4.17.10.html

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3347

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968

Resolution

MGASA-2023-0247 - Updated samba packages fix security vulnerability

SRPMS

- 8/core/samba-4.16.11-1.mga8

Severity
Publication date: 23 Aug 2023
URL: https://advisories.mageia.org/MGASA-2023-0247.html
Type: security
CVE: CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968

Related News

Mitigations for Severe JOSE for C/C++ DoS, Info Disclosure Bug Released

Sep 7, 2023

X.Org DoS, Code Execution Vulns Fixed

Aug 3, 2023

Linux Kernel DoS, Code Execution, Info Disclosure Vulns Fixed

Jul 6, 2023

News

Advisories

HOWTOs

Features

Guide To Tackling Network Programming Assignments On Linux
Guide To Software Security Testing On Linux
Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy

About Us

Powered By

Footer Logo

Feedback