{"id":"MGASA-2018-0201","summary":"Updated samba packages fix security vulnerabilities","details":"It was discovered that Samba is prone to a denial of service attack when\nthe RPC spoolss service is configured to be run as an external daemon\n(CVE-2018-1050).\n\nBjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP\nserver incorrectly validates permissions to modify passwords over LDAP\nallowing authenticated users to change any other users passwords,\nincluding administrative users (CVE-2018-1057).\n\nNote that Mageia 5 was only affected by the CVE-2018-1050 issue.\n","modified":"2026-01-31T16:01:32.872030Z","published":"2018-04-13T20:08:48Z","related":["CVE-2018-1050","CVE-2018-1057"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0201.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22765"},{"type":"REPORT","url":"https://www.samba.org/samba/security/CVE-2018-1050.html"},{"type":"REPORT","url":"https://www.samba.org/samba/security/CVE-2018-1057.html"},{"type":"REPORT","url":"https://www.debian.org/security/2018/dsa-4135"}],"affected":[{"package":{"name":"samba","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/samba?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.25-2.9.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0201.json"}},{"package":{"name":"samba","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/samba?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.6.12-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0201.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}