{"id":"MGASA-2017-0145","summary":"Updated samba packages fix security vulnerability","details":"A flaw was found in the way Samba handled PAC (Privilege Attribute\nCertificate) checksums. A remote, authenticated attacker could use this\nflaw to crash the winbindd process (CVE-2016-2126).\n\nJann Horn discovered that Samba incorrectly handled symlinks. An\nauthenticated remote attacker could use this issue to access files on the\nserver outside of the exported directories (CVE-2017-2619).\n\nA remote code execution flaw was found in Samba. A malicious authenticated\nsamba client, having write access to the samba share, could use this flaw\nto execute arbitrary code as root (CVE-2017-7494).\n","modified":"2026-04-16T06:24:08.406766875Z","published":"2017-05-25T14:37:42Z","upstream":["CVE-2016-2126","CVE-2017-2619","CVE-2017-7494"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0145.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20558"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2016-2126.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2017-2619.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2017-7494.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2017-0662.html"},{"type":"WEB","url":"https://www.ubuntu.com/usn/usn-3242-1/"},{"type":"WEB","url":"https://www.ubuntu.com/usn/usn-3242-2/"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2017-1270.html"}],"affected":[{"package":{"name":"samba","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/samba?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.25-2.7.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0145.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}