Debian Security Advisory
DSA-4271-1 samba -- security update
- Date Reported:
- 14 Aug 2018
- Affected Packages:
- samba
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-10858, CVE-2018-10919.
- More information:
-
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
- CVE-2018-10858
Svyatoslav Phirsov discovered that insufficient input validation in libsmbclient allowed a malicious Samba server to write to the client's heap memory.
- CVE-2018-10919
Phillip Kuhrt discovered that Samba when acting as an Active Domain controller disclosed some sensitive attributes.
For the stable distribution (stretch), these problems have been fixed in version 2:4.5.12+dfsg-2+deb9u3.
We recommend that you upgrade your samba packages.
For the detailed security status of samba please refer to its security tracker page at: https://security-tracker.debian.org/tracker/samba
- CVE-2018-10858