MGASA-2020-0058

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2019-14902 CVE-2019-14907 CVE-2019-19344

Published: 28 Jan 2020, 07:52

Last modified:16 Apr 2026, 04:43

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Jan 2020, 07:52

Published

Vulnerability first disclosed

16 Apr 2026, 04:43

Last Modified

Vulnerability information updated

Description

Updated samba packages fix security vulnerabilities The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers (CVE-2019-14902). When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs. This can cause a crash after the failed character conversion when operating at log level 3 or above (CVE-2019-14907). During DNS zone scavenging (of expired dynamic entries) in a Samba AD DC, there is a read of memory after it has been freed (CVE-2019-19344). Note that manual intervention is required to fully implement the fix for CVE-2019-14902. See the upstream advisory for details.

Affected Systems

mageia•samba
< 4.10.12-1.mga7

MGASA-2020-0058

Vulnerability Summary

Timeline

Description

Affected Systems

References (7)