{"id":"MGASA-2018-0023","summary":"Updated samba packages fix security vulnerabilities","details":"Updated samba packages fix security vulnerabilities:\n\nStefan Metzmacher discovered that Samba incorrectly enforced SMB signing in\ncertain situations. A remote attacker could use this issue to perform a man\nin the middle attack. (CVE-2017-12150)\n\nStefan Metzmacher discovered that Samba incorrectly handled encryption\nacross DFS redirects. A remote attacker could use this issue to perform a\nman in the middle attack. (CVE-2017-12151)\n\nYihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory\nwhen SMB1 is being used. A remote attacker could possibly use this issue to\nobtain server memory contents. (CVE-2017-12163)\n\nYihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory\nwhen processing certain SMB1 requests. A remote attacker could possibly use\nthis issue to execute arbitrary code. (CVE-2017-14746)\n\nVolker Lendecke discovered that Samba incorrectly cleared memory when\nreturning data to a client. A remote attacker could possibly use this issue\nto obtain sensitive information. (CVE-2017-15275)\n\nThe samba package has been updated to version 4.6.12 to fix these issues and\nother bugs.\n\nAlso, the talloc package has been updated to 2.1.10 and the tevent package\nhas been updated to 0.9.34, as they were needed by the updated samba.\n","modified":"2026-02-04T04:07:30.806921Z","published":"2018-01-02T16:25:41Z","related":["CVE-2017-12150","CVE-2017-12151","CVE-2017-12163","CVE-2017-14746","CVE-2017-15275"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0023.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22030"},{"type":"REPORT","url":"https://www.samba.org/samba/history/samba-4.6.8.html"},{"type":"REPORT","url":"https://www.samba.org/samba/history/samba-4.6.9.html"},{"type":"REPORT","url":"https://www.samba.org/samba/history/samba-4.6.10.html"},{"type":"REPORT","url":"https://www.samba.org/samba/history/samba-4.6.11.html"},{"type":"REPORT","url":"https://www.samba.org/samba/history/samba-4.6.12.html"},{"type":"REPORT","url":"https://www.samba.org/samba/security/CVE-2017-12150.html"},{"type":"REPORT","url":"https://www.samba.org/samba/security/CVE-2017-12151.html"},{"type":"REPORT","url":"https://www.samba.org/samba/security/CVE-2017-12163.html"},{"type":"REPORT","url":"https://www.samba.org/samba/security/CVE-2017-14746.html"},{"type":"REPORT","url":"https://www.samba.org/samba/security/CVE-2017-15275.html"},{"type":"REPORT","url":"https://usn.ubuntu.com/usn/usn-3426-1/"},{"type":"REPORT","url":"https://usn.ubuntu.com/usn/usn-3486-1/"}],"affected":[{"package":{"name":"samba","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/samba?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.6.12-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0023.json"}},{"package":{"name":"talloc","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/talloc?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.10-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0023.json"}},{"package":{"name":"tevent","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/tevent?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.34-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0023.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}