CVE-2018-10919

NameCVE-2018-10919
DescriptionThe Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1539-1, DSA-4271-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)jessie, jessie (lts)2:4.2.14+dfsg-0+deb8u15fixed
stretch (security), stretch (lts), stretch2:4.5.16+dfsg-1+deb9u4fixed
buster2:4.9.5+dfsg-5+deb10u3fixed
buster (security)2:4.9.5+dfsg-5+deb10u4fixed
bullseye2:4.13.13+dfsg-1~deb11u5fixed
bullseye (security)2:4.13.13+dfsg-1~deb11u6fixed
bookworm (security), bookworm2:4.17.12+dfsg-0+deb12u1fixed
trixie2:4.19.5+dfsg-1fixed
sid2:4.19.5+dfsg-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasourcewheezy(not affected)
sambasourcejessie2:4.2.14+dfsg-0+deb8u10DLA-1539-1
sambasourcestretch2:4.5.12+dfsg-2+deb9u3DSA-4271-1
sambasource(unstable)2:4.8.4+dfsg-1

Notes

https://www.samba.org/samba/security/CVE-2018-10919.html
[wheezy] - samba <not-affected> (vulnerable code is not present)

Search for package or bug name: Reporting problems