AVG-651 log
| Package | samba |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 4.7.5-1 |
| Fixed | 4.7.6-1 |
| Current |
4.20.0-3 [extra-testing] 4.20.0-2 [extra] |
| Ticket | None |
| Created | Tue Mar 13 12:43:54 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-1057 | Critical | Yes | Access restriction bypass | On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. |
| CVE-2018-1050 | Medium | Yes | Denial of service | All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 13 Mar 2018 | ASA-201803-10 | samba | multiple issues |
| References |
|---|
https://lists.samba.org/archive/samba-announce/2018/000435.html |