{"id":"MGASA-2023-0247","summary":"Updated samba packages fix security vulnerability","details":"Out-of-bounds read due to insufficient length checks in\nwinbindd_pam_auth_crap.c (CVE-2022-2127)\nImproper SMB2 packet signing mechanism leading to man in the middle risk\n(CVE-2023-3347)\nInfinite loop vulnerability was found in Samba's mdssvc RPC service for\nSpotlight (CVE-2023-34966)\nType Confusion vulnerability was found in Samba's mdssvc RPC service for\nSpotlight (CVE-2023-34967)\nPath disclosure vulnerability in the Spotlight protocol (CVE-2023-34968)\n","modified":"2026-04-16T00:11:08.377765374Z","published":"2023-08-23T19:56:41Z","upstream":["CVE-2022-2127","CVE-2023-3347","CVE-2023-34966","CVE-2023-34967","CVE-2023-34968"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0247.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32152"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2023-34967.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2022-2127.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2023-34968.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2023-34966.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2023-3347.html"},{"type":"WEB","url":"https://www.samba.org/samba/history/samba-4.16.11.html"},{"type":"WEB","url":"https://www.samba.org/samba/history/samba-4.17.10.html"}],"affected":[{"package":{"name":"samba","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/samba?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.16.11-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0247.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}