MGASA-2019-0152

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2019-3811 CVE-2019-3824

Published: 07 May 2019, 21:38

Last modified:16 Apr 2026, 04:43

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 May 2019, 21:38

Published

Vulnerability first disclosed

16 Apr 2026, 04:43

Last Modified

Vulnerability information updated

Description

Updated ldb packages fix security vulnerability Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, resulting in denial of service (CVE-2019-3824). The ldb package has been updated to version 1.2.4 to fix this issue. The sssd and samba packages have been rebuilt against the updated ldb. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. (CVE-2019-3811)

Affected Systems

mageia•ldb
< 1.2.4-1.mga6
mageia•samba
< 4.7.12-1.2.mga6
mageia•sssd
< 1.13.4-9.5.mga6

MGASA-2019-0152

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)