[3.5] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10919)
CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL
(0x80) searchFlags bit is set and of attributes where an explicit
Access Control Entry has been specified on the ntSecurityDescriptor.
Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
(from redmine: issue id 9253, created on 2018-08-16, closed on 2018-08-23)
- Relations:
- copied_to #9248 (closed)
- parent #9248 (closed)
- Changesets:
- Revision 4546f9e3 on 2018-08-22T13:12:34Z:
main/samba: security fixes (CVE-2018-10858, CVE-2018-10919
Fixes #9253
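The affected ranges and fixed releases quoted in the issue overlap (4.6.16 lies inside "3.2.0 to 4.8.3" yet is fixed), so a check has to be branch-aware. The following is an added example, not code from the issue or from Samba: it maps an upstream version string to the CVEs listed above. The function names, the `is_ad_dc` parameter, and the treatment of branches newer than 4.8 as fixed are assumptions.

```python
import re

# Fixed release per branch and first affected release per CVE, both taken
# from the advisory text above.
FIXED_PATCH = {(4, 6): 16, (4, 7): 9, (4, 8): 4}
FIRST_AFFECTED = {
    "CVE-2018-10858": (3, 2, 0),  # libsmbclient
    "CVE-2018-10919": (4, 0, 0),  # AD LDAP server only
}

def parse_version(text):
    """Pull (major, minor, patch) out of a string such as 'Version 4.7.6'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in match.groups())

def affected_cves(version_text, is_ad_dc=False):
    """Return the CVEs from this advisory that apply to an upstream version."""
    version = parse_version(version_text)
    branch = version[:2]
    # Assumption: branches newer than 4.8 already contain both fixes.
    if branch > max(FIXED_PATCH):
        return []
    # On a branch that received a fix, the patch level decides.
    if branch in FIXED_PATCH and version[2] >= FIXED_PATCH[branch]:
        return []
    # Any other branch (4.5 and older) has no fixed release listed.
    hits = []
    for cve, first in sorted(FIRST_AFFECTED.items()):
        if version < first:
            continue
        if cve == "CVE-2018-10919" and not is_ad_dc:
            continue  # only the AD LDAP server role is exposed
        hits.append(cve)
    return hits

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the issue.
    for sample, dc in [("Version 4.8.3", True), ("Version 4.6.16", True),
                       ("Version 4.5.16", False), ("Version 3.0.37", False)]:
        print(sample, "AD DC" if dc else "client/file server", affected_cves(sample, dc))
```

Distribution packages can carry backported patches without changing the upstream version number, so a hit here means the package changelog should be checked for these CVE ids rather than that the host is confirmed vulnerable.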