{"id":"MGASA-2018-0424","summary":"Updated samba packages fix security vulnerabilities","details":"Updated samba packages fix security vulnerabilities:\n\nA malicious server could return a directory entry that could corrupt\nlibsmbclient memory (CVE-2018-10858).\n\nMissing access control checks allow discovery of confidential attribute\nvalues via authenticated LDAP search expressions (CVE-2018-10919).\n\nThe samba package has been updated to version 4.6.16, fixing these issues\nand other bugs.\n","modified":"2026-04-16T06:25:21.439242395Z","published":"2018-10-30T18:01:43Z","upstream":["CVE-2018-10858","CVE-2018-10919"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0424.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23444"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2018-10858.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2018-10919.html"},{"type":"WEB","url":"https://www.samba.org/samba/history/samba-4.6.13.html"},{"type":"WEB","url":"https://www.samba.org/samba/history/samba-4.6.14.html"},{"type":"WEB","url":"https://www.samba.org/samba/history/samba-4.6.15.html"},{"type":"WEB","url":"https://www.samba.org/samba/history/samba-4.6.16.html"}],"affected":[{"package":{"name":"samba","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/samba?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.6.16-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0424.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}