MGASA-2023-0247
Advisory lineage Upstream: 5 Downstream: 0
Published: 23 Aug 2023, 19:56
Last modified:16 Apr 2026, 04:22
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Aug 2023, 19:56
Published
Vulnerability first disclosed
16 Apr 2026, 04:22
Last Modified
Vulnerability information updated
Description
Updated samba packages fix security vulnerability Out-of-bounds read due to insufficient length checks in winbindd_pam_auth_crap.c (CVE-2022-2127) Improper SMB2 packet signing mechanism leading to man in the middle risk (CVE-2023-3347) Infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight (CVE-2023-34966) Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight (CVE-2023-34967) Path disclosure vulnerability in the Spotlight protocol (CVE-2023-34968)
Affected Systems
- mageia•samba
< 4.16.11-1.mga8
References (9)
- https://advisories.mageia.org/MGASA-2023-0247.html
- https://bugs.mageia.org/show_bug.cgi?id=32152
- https://www.samba.org/samba/security/CVE-2023-34967.html
- https://www.samba.org/samba/security/CVE-2022-2127.html
- https://www.samba.org/samba/security/CVE-2023-34968.html
- https://www.samba.org/samba/security/CVE-2023-34966.html
- https://www.samba.org/samba/security/CVE-2023-3347.html
- https://www.samba.org/samba/history/samba-4.16.11.html
- https://www.samba.org/samba/history/samba-4.17.10.html