Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0058)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0058

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0058)

Resumen: The remote host is missing an update for the 'samba' package(s) announced via the MGASA-2020-0058 advisory.

Descripción: Summary:
The remote host is missing an update for the 'samba' package(s) announced via the MGASA-2020-0058 advisory.

Vulnerability Insight:
The implementation of ACL inheritance in the Samba AD DC was not
complete, and so absent a 'full-sync' replication, ACLs could get out of
sync between domain controllers (CVE-2019-14902).

When processing untrusted string input Samba can read past the end of
the allocated buffer when printing a 'Conversion error' message to the
logs. This can cause a crash after the failed character conversion when
operating at log level 3 or above (CVE-2019-14907).

During DNS zone scavenging (of expired dynamic entries) in a Samba AD
DC, there is a read of memory after it has been freed (CVE-2019-19344).

Note that manual intervention is required to fully implement the fix
for CVE-2019-14902. See the upstream advisory for details.

Affected Software/OS:
'samba' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-14902
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/
https://security.gentoo.org/glsa/202003-52
https://www.samba.org/samba/security/CVE-2019-14902.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
SuSE Security Announcement: openSUSE-SU-2020:0122 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html
https://usn.ubuntu.com/4244-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-14907
https://www.samba.org/samba/security/CVE-2019-14907.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-19344
https://www.samba.org/samba/security/CVE-2019-19344.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0058
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0058)
Resumen:	The remote host is missing an update for the 'samba' package(s) announced via the MGASA-2020-0058 advisory.
Descripción:	Summary: The remote host is missing an update for the 'samba' package(s) announced via the MGASA-2020-0058 advisory. Vulnerability Insight: The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers (CVE-2019-14902). When processing untrusted string input Samba can read past the end of the allocated buffer when printing a 'Conversion error' message to the logs. This can cause a crash after the failed character conversion when operating at log level 3 or above (CVE-2019-14907). During DNS zone scavenging (of expired dynamic entries) in a Samba AD DC, there is a read of memory after it has been freed (CVE-2019-19344). Note that manual intervention is required to fully implement the fix for CVE-2019-14902. See the upstream advisory for details. Affected Software/OS: 'samba' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14902 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/ https://security.gentoo.org/glsa/202003-52 https://www.samba.org/samba/security/CVE-2019-14902.html https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html SuSE Security Announcement: openSUSE-SU-2020:0122 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html https://usn.ubuntu.com/4244-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-14907 https://www.samba.org/samba/security/CVE-2019-14907.html Common Vulnerability Exposure (CVE) ID: CVE-2019-19344 https://www.samba.org/samba/security/CVE-2019-19344.html
Copyright	Copyright (C) 2022 Greenbone AG