Details of VAR-202001-0554

ID

VAR-202001-0554

CVE

CVE-2019-14907

TITLE

samba Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2019-014366

DESCRIPTION

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). samba Contains an out-of-bounds read vulnerability.Denial of service operation (DoS) May be in a state. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. A buffer error vulnerability exists in Samba versions 4.9.x prior to 4.9.18, 4.10.x prior to 4.10.12, and 4.11.x prior to 4.11.5. An attacker could exploit this vulnerability by sending a specially crafted string to cause a long-lived process to terminate. ========================================================================== Ubuntu Security Notice USN-4244-1 January 21, 2020 samba vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Samba. Software Description: - samba: SMB/CIFS file, print, and login server for Unix Details: It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14907) Christian Naumer discovered that Samba incorrectly handled DNS zone scavenging. This issue could possibly result in some incorrect data being written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19344) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: samba 2:4.10.7+dfsg-0ubuntu2.4 Ubuntu 19.04: samba 2:4.10.0+dfsg-0ubuntu2.8 Ubuntu 18.04 LTS: samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 Ubuntu 16.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.16.04.25 In general, a standard system update will make all the necessary changes. The Windows Explorer did not display the DFS redirects properly and instead of showing the redirects as directories, Samba displayed the redirects as files. With this fix, the Samba's vfs_glusterfs module has been fixed so that DFS redirects now work as expected. For details on migrating Samba/CTDB configuration files, refer to: https://access.redhat.com/solutions/4311261 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-52 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Samba: Multiple vulnerabilities Date: March 25, 2020 Bugs: #664316, #672140, #686036, #693558, #702928, #706144 ID: 202003-52 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Samba, the worst of which could lead to remote code execution. Background ========== Samba is a suite of SMB and CIFS client/server programs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/samba < 4.11.6 *>= 4.9.18 *>= 4.10.13 *>= 4.11.6 Description =========== Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Samba 4.9.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-4.9.18" All Samba 4.10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-4.10.13" All Samba 4.11.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-4.11.6" References ========== [ 1 ] CVE-2018-10858 https://nvd.nist.gov/vuln/detail/CVE-2018-10858 [ 2 ] CVE-2018-10918 https://nvd.nist.gov/vuln/detail/CVE-2018-10918 [ 3 ] CVE-2018-10919 https://nvd.nist.gov/vuln/detail/CVE-2018-10919 [ 4 ] CVE-2018-1139 https://nvd.nist.gov/vuln/detail/CVE-2018-1139 [ 5 ] CVE-2018-1140 https://nvd.nist.gov/vuln/detail/CVE-2018-1140 [ 6 ] CVE-2018-14629 https://nvd.nist.gov/vuln/detail/CVE-2018-14629 [ 7 ] CVE-2018-16841 https://nvd.nist.gov/vuln/detail/CVE-2018-16841 [ 8 ] CVE-2018-16851 https://nvd.nist.gov/vuln/detail/CVE-2018-16851 [ 9 ] CVE-2018-16852 https://nvd.nist.gov/vuln/detail/CVE-2018-16852 [ 10 ] CVE-2018-16853 https://nvd.nist.gov/vuln/detail/CVE-2018-16853 [ 11 ] CVE-2018-16857 https://nvd.nist.gov/vuln/detail/CVE-2018-16857 [ 12 ] CVE-2018-16860 https://nvd.nist.gov/vuln/detail/CVE-2018-16860 [ 13 ] CVE-2019-10197 https://nvd.nist.gov/vuln/detail/CVE-2019-10197 [ 14 ] CVE-2019-14861 https://nvd.nist.gov/vuln/detail/CVE-2019-14861 [ 15 ] CVE-2019-14870 https://nvd.nist.gov/vuln/detail/CVE-2019-14870 [ 16 ] CVE-2019-14902 https://nvd.nist.gov/vuln/detail/CVE-2019-14902 [ 17 ] CVE-2019-14907 https://nvd.nist.gov/vuln/detail/CVE-2019-14907 [ 18 ] CVE-2019-19344 https://nvd.nist.gov/vuln/detail/CVE-2019-19344 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-52 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: samba security, bug fix, and enhancement update Advisory ID: RHSA-2020:3981-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3981 Issue date: 2020-09-29 CVE Names: CVE-2019-14907 ==================================================================== 1. Summary: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.10.16). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the smb service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1737888 - Libwbclient alternatives manual setting lost 1776333 - CLI tools printing "Unable to initialize messaging context" running as non root 1785121 - Rebase Samba to the the latest 4.10.x maintenance release 1791207 - CVE-2019-14907 samba: Crash after failed character conversion at log level 3 or above 1791823 - wbinfo -K doesn't work for users of trusted domains/forests 1801496 - Missing directories in ctdb package 1813017 - Can't get 'log events generated from smbclient' 1828354 - After adding "additional dns hostname" to smb.conf it does not generate /etc/krb5.keytab with the proper SPN. 1828924 - Fix 'require_membership_of' documentation in pam_winbind manpages 1831986 - unprivileged user should be able to read-only to gencache.tdb instead of permission denied 1836427 - net ads join use of netbios+realm breaks GSSAPI authentication 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: samba-4.10.16-5.el7.src.rpm noarch: samba-common-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-4.10.16-5.el7.i686.rpm libsmbclient-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.i686.rpm libwbclient-4.10.16-5.el7.x86_64.rpm samba-client-4.10.16-5.el7.x86_64.rpm samba-client-libs-4.10.16-5.el7.i686.rpm samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-libs-4.10.16-5.el7.i686.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm samba-common-tools-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-krb5-printing-4.10.16-5.el7.x86_64.rpm samba-libs-4.10.16-5.el7.i686.rpm samba-libs-4.10.16-5.el7.x86_64.rpm samba-winbind-4.10.16-5.el7.x86_64.rpm samba-winbind-clients-4.10.16-5.el7.x86_64.rpm samba-winbind-modules-4.10.16-5.el7.i686.rpm samba-winbind-modules-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: samba-pidl-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-devel-4.10.16-5.el7.i686.rpm libsmbclient-devel-4.10.16-5.el7.x86_64.rpm libwbclient-devel-4.10.16-5.el7.i686.rpm libwbclient-devel-4.10.16-5.el7.x86_64.rpm samba-4.10.16-5.el7.x86_64.rpm samba-dc-4.10.16-5.el7.x86_64.rpm samba-dc-libs-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-devel-4.10.16-5.el7.i686.rpm samba-devel-4.10.16-5.el7.x86_64.rpm samba-python-4.10.16-5.el7.i686.rpm samba-python-4.10.16-5.el7.x86_64.rpm samba-python-test-4.10.16-5.el7.x86_64.rpm samba-test-4.10.16-5.el7.x86_64.rpm samba-test-libs-4.10.16-5.el7.i686.rpm samba-test-libs-4.10.16-5.el7.x86_64.rpm samba-vfs-glusterfs-4.10.16-5.el7.x86_64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: samba-4.10.16-5.el7.src.rpm noarch: samba-common-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-4.10.16-5.el7.i686.rpm libsmbclient-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.i686.rpm libwbclient-4.10.16-5.el7.x86_64.rpm samba-client-4.10.16-5.el7.x86_64.rpm samba-client-libs-4.10.16-5.el7.i686.rpm samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-libs-4.10.16-5.el7.i686.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm samba-common-tools-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-libs-4.10.16-5.el7.i686.rpm samba-libs-4.10.16-5.el7.x86_64.rpm samba-winbind-4.10.16-5.el7.x86_64.rpm samba-winbind-clients-4.10.16-5.el7.x86_64.rpm samba-winbind-modules-4.10.16-5.el7.i686.rpm samba-winbind-modules-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: samba-pidl-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-devel-4.10.16-5.el7.i686.rpm libsmbclient-devel-4.10.16-5.el7.x86_64.rpm libwbclient-devel-4.10.16-5.el7.i686.rpm libwbclient-devel-4.10.16-5.el7.x86_64.rpm samba-4.10.16-5.el7.x86_64.rpm samba-dc-4.10.16-5.el7.x86_64.rpm samba-dc-libs-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-devel-4.10.16-5.el7.i686.rpm samba-devel-4.10.16-5.el7.x86_64.rpm samba-krb5-printing-4.10.16-5.el7.x86_64.rpm samba-python-4.10.16-5.el7.i686.rpm samba-python-4.10.16-5.el7.x86_64.rpm samba-python-test-4.10.16-5.el7.x86_64.rpm samba-test-4.10.16-5.el7.x86_64.rpm samba-test-libs-4.10.16-5.el7.i686.rpm samba-test-libs-4.10.16-5.el7.x86_64.rpm samba-vfs-glusterfs-4.10.16-5.el7.x86_64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: samba-4.10.16-5.el7.src.rpm noarch: samba-common-4.10.16-5.el7.noarch.rpm ppc64: libsmbclient-4.10.16-5.el7.ppc.rpm libsmbclient-4.10.16-5.el7.ppc64.rpm libwbclient-4.10.16-5.el7.ppc.rpm libwbclient-4.10.16-5.el7.ppc64.rpm samba-4.10.16-5.el7.ppc64.rpm samba-client-4.10.16-5.el7.ppc64.rpm samba-client-libs-4.10.16-5.el7.ppc.rpm samba-client-libs-4.10.16-5.el7.ppc64.rpm samba-common-libs-4.10.16-5.el7.ppc.rpm samba-common-libs-4.10.16-5.el7.ppc64.rpm samba-common-tools-4.10.16-5.el7.ppc64.rpm samba-debuginfo-4.10.16-5.el7.ppc.rpm samba-debuginfo-4.10.16-5.el7.ppc64.rpm samba-krb5-printing-4.10.16-5.el7.ppc64.rpm samba-libs-4.10.16-5.el7.ppc.rpm samba-libs-4.10.16-5.el7.ppc64.rpm samba-winbind-4.10.16-5.el7.ppc64.rpm samba-winbind-clients-4.10.16-5.el7.ppc64.rpm samba-winbind-modules-4.10.16-5.el7.ppc.rpm samba-winbind-modules-4.10.16-5.el7.ppc64.rpm ppc64le: libsmbclient-4.10.16-5.el7.ppc64le.rpm libwbclient-4.10.16-5.el7.ppc64le.rpm samba-4.10.16-5.el7.ppc64le.rpm samba-client-4.10.16-5.el7.ppc64le.rpm samba-client-libs-4.10.16-5.el7.ppc64le.rpm samba-common-libs-4.10.16-5.el7.ppc64le.rpm samba-common-tools-4.10.16-5.el7.ppc64le.rpm samba-debuginfo-4.10.16-5.el7.ppc64le.rpm samba-krb5-printing-4.10.16-5.el7.ppc64le.rpm samba-libs-4.10.16-5.el7.ppc64le.rpm samba-winbind-4.10.16-5.el7.ppc64le.rpm samba-winbind-clients-4.10.16-5.el7.ppc64le.rpm samba-winbind-modules-4.10.16-5.el7.ppc64le.rpm s390x: libsmbclient-4.10.16-5.el7.s390.rpm libsmbclient-4.10.16-5.el7.s390x.rpm libwbclient-4.10.16-5.el7.s390.rpm libwbclient-4.10.16-5.el7.s390x.rpm samba-4.10.16-5.el7.s390x.rpm samba-client-4.10.16-5.el7.s390x.rpm samba-client-libs-4.10.16-5.el7.s390.rpm samba-client-libs-4.10.16-5.el7.s390x.rpm samba-common-libs-4.10.16-5.el7.s390.rpm samba-common-libs-4.10.16-5.el7.s390x.rpm samba-common-tools-4.10.16-5.el7.s390x.rpm samba-debuginfo-4.10.16-5.el7.s390.rpm samba-debuginfo-4.10.16-5.el7.s390x.rpm samba-krb5-printing-4.10.16-5.el7.s390x.rpm samba-libs-4.10.16-5.el7.s390.rpm samba-libs-4.10.16-5.el7.s390x.rpm samba-winbind-4.10.16-5.el7.s390x.rpm samba-winbind-clients-4.10.16-5.el7.s390x.rpm samba-winbind-modules-4.10.16-5.el7.s390.rpm samba-winbind-modules-4.10.16-5.el7.s390x.rpm x86_64: libsmbclient-4.10.16-5.el7.i686.rpm libsmbclient-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.i686.rpm libwbclient-4.10.16-5.el7.x86_64.rpm samba-4.10.16-5.el7.x86_64.rpm samba-client-4.10.16-5.el7.x86_64.rpm samba-client-libs-4.10.16-5.el7.i686.rpm samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-libs-4.10.16-5.el7.i686.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm samba-common-tools-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-krb5-printing-4.10.16-5.el7.x86_64.rpm samba-libs-4.10.16-5.el7.i686.rpm samba-libs-4.10.16-5.el7.x86_64.rpm samba-python-4.10.16-5.el7.i686.rpm samba-python-4.10.16-5.el7.x86_64.rpm samba-winbind-4.10.16-5.el7.x86_64.rpm samba-winbind-clients-4.10.16-5.el7.x86_64.rpm samba-winbind-modules-4.10.16-5.el7.i686.rpm samba-winbind-modules-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Server Resilient Storage (v. 7): ppc64le: ctdb-4.10.16-5.el7.ppc64le.rpm ctdb-tests-4.10.16-5.el7.ppc64le.rpm samba-debuginfo-4.10.16-5.el7.ppc64le.rpm s390x: ctdb-4.10.16-5.el7.s390x.rpm ctdb-tests-4.10.16-5.el7.s390x.rpm samba-debuginfo-4.10.16-5.el7.s390x.rpm x86_64: ctdb-4.10.16-5.el7.x86_64.rpm ctdb-tests-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: samba-pidl-4.10.16-5.el7.noarch.rpm ppc64: libsmbclient-devel-4.10.16-5.el7.ppc.rpm libsmbclient-devel-4.10.16-5.el7.ppc64.rpm libwbclient-devel-4.10.16-5.el7.ppc.rpm libwbclient-devel-4.10.16-5.el7.ppc64.rpm samba-dc-4.10.16-5.el7.ppc64.rpm samba-dc-libs-4.10.16-5.el7.ppc64.rpm samba-debuginfo-4.10.16-5.el7.ppc.rpm samba-debuginfo-4.10.16-5.el7.ppc64.rpm samba-devel-4.10.16-5.el7.ppc.rpm samba-devel-4.10.16-5.el7.ppc64.rpm samba-python-4.10.16-5.el7.ppc.rpm samba-python-4.10.16-5.el7.ppc64.rpm samba-python-test-4.10.16-5.el7.ppc64.rpm samba-test-4.10.16-5.el7.ppc64.rpm samba-test-libs-4.10.16-5.el7.ppc.rpm samba-test-libs-4.10.16-5.el7.ppc64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.ppc64.rpm ppc64le: libsmbclient-devel-4.10.16-5.el7.ppc64le.rpm libwbclient-devel-4.10.16-5.el7.ppc64le.rpm samba-dc-4.10.16-5.el7.ppc64le.rpm samba-dc-libs-4.10.16-5.el7.ppc64le.rpm samba-debuginfo-4.10.16-5.el7.ppc64le.rpm samba-devel-4.10.16-5.el7.ppc64le.rpm samba-python-4.10.16-5.el7.ppc64le.rpm samba-python-test-4.10.16-5.el7.ppc64le.rpm samba-test-4.10.16-5.el7.ppc64le.rpm samba-test-libs-4.10.16-5.el7.ppc64le.rpm samba-winbind-krb5-locator-4.10.16-5.el7.ppc64le.rpm s390x: libsmbclient-devel-4.10.16-5.el7.s390.rpm libsmbclient-devel-4.10.16-5.el7.s390x.rpm libwbclient-devel-4.10.16-5.el7.s390.rpm libwbclient-devel-4.10.16-5.el7.s390x.rpm samba-dc-4.10.16-5.el7.s390x.rpm samba-dc-libs-4.10.16-5.el7.s390x.rpm samba-debuginfo-4.10.16-5.el7.s390.rpm samba-debuginfo-4.10.16-5.el7.s390x.rpm samba-devel-4.10.16-5.el7.s390.rpm samba-devel-4.10.16-5.el7.s390x.rpm samba-python-4.10.16-5.el7.s390.rpm samba-python-4.10.16-5.el7.s390x.rpm samba-python-test-4.10.16-5.el7.s390x.rpm samba-test-4.10.16-5.el7.s390x.rpm samba-test-libs-4.10.16-5.el7.s390.rpm samba-test-libs-4.10.16-5.el7.s390x.rpm samba-winbind-krb5-locator-4.10.16-5.el7.s390x.rpm x86_64: libsmbclient-devel-4.10.16-5.el7.i686.rpm libsmbclient-devel-4.10.16-5.el7.x86_64.rpm libwbclient-devel-4.10.16-5.el7.i686.rpm libwbclient-devel-4.10.16-5.el7.x86_64.rpm samba-dc-4.10.16-5.el7.x86_64.rpm samba-dc-libs-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-devel-4.10.16-5.el7.i686.rpm samba-devel-4.10.16-5.el7.x86_64.rpm samba-python-test-4.10.16-5.el7.x86_64.rpm samba-test-4.10.16-5.el7.x86_64.rpm samba-test-libs-4.10.16-5.el7.i686.rpm samba-test-libs-4.10.16-5.el7.x86_64.rpm samba-vfs-glusterfs-4.10.16-5.el7.x86_64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: samba-4.10.16-5.el7.src.rpm noarch: samba-common-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-4.10.16-5.el7.i686.rpm libsmbclient-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.i686.rpm libwbclient-4.10.16-5.el7.x86_64.rpm samba-4.10.16-5.el7.x86_64.rpm samba-client-4.10.16-5.el7.x86_64.rpm samba-client-libs-4.10.16-5.el7.i686.rpm samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-libs-4.10.16-5.el7.i686.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm samba-common-tools-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-krb5-printing-4.10.16-5.el7.x86_64.rpm samba-libs-4.10.16-5.el7.i686.rpm samba-libs-4.10.16-5.el7.x86_64.rpm samba-python-4.10.16-5.el7.i686.rpm samba-python-4.10.16-5.el7.x86_64.rpm samba-winbind-4.10.16-5.el7.x86_64.rpm samba-winbind-clients-4.10.16-5.el7.x86_64.rpm samba-winbind-modules-4.10.16-5.el7.i686.rpm samba-winbind-modules-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: samba-pidl-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-devel-4.10.16-5.el7.i686.rpm libsmbclient-devel-4.10.16-5.el7.x86_64.rpm libwbclient-devel-4.10.16-5.el7.i686.rpm libwbclient-devel-4.10.16-5.el7.x86_64.rpm samba-dc-4.10.16-5.el7.x86_64.rpm samba-dc-libs-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-devel-4.10.16-5.el7.i686.rpm samba-devel-4.10.16-5.el7.x86_64.rpm samba-python-test-4.10.16-5.el7.x86_64.rpm samba-test-4.10.16-5.el7.x86_64.rpm samba-test-libs-4.10.16-5.el7.i686.rpm samba-test-libs-4.10.16-5.el7.x86_64.rpm samba-vfs-glusterfs-4.10.16-5.el7.x86_64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14907 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OhAdzjgjWX9erEAQiKmg//Zm9RRxpptm9hbO8JP2LaIP6kkQrv18HL a/jBhSlHnueskPF4aiJ5vlncq4rZ702MwyFeudzYX7qTuDQY5XvzxiA6Q9E8r/J0 eQicSIc/rexQUBiKmnDg6qdK24eW81BYl6ieIqdqw8W5hnXGTChamgOpvhPIyRx+ ZuLep8AH0v1Ond7o4Vxxs2B8tpKh/bQ+jcMF3wZg8DhsqbWeOQAqkCz/glfD1Am2 gUdfwSVmPyPoCP9flNiULVWnAwTb9JqSIiaPCdqLwusm/BcA1Lpl1D829L0kmpTi cnlKi18hjgFLjij/6dobEfjpUq7b+2HWBuAu8ng2R1hU/v9fxxlnp9vZT6EWns2E +1v6HSdnQrCA31s7SX4LvXHyNte1NIaht+uNfptl0J2PSowRCzBD516fQGoglJIH 4gI5Lb5/w2zEgP09bLP8blP0CztyeKA+T5RGXU/U3zHrCbJx3MK5fgeHeAHhB0EC YKRuNpXXKynv+DSM+OysZOe+X53/oBG8c4qgKT9O+ifgcB+tiLzcOJXq3odGCnv6 yPfkDhF2hBtOPdvOvig7T8MsFVyEO0Cpm963iagz7P1yiR9C/ZW0lJ2unHse6J3k sNCwGHNwTCMwF5cO74vFO9ro/Jys4Vb8+81mVnm9aHSG3/BiLqLRHMxcpAVc6eXG NXdH6tbOksI=Mk7x -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 1710980 - [RFE] Add support for Kerberos KCM credential cache in pam_winbind/winbindd 1746225 - CVE-2019-10197 samba: Combination of parameters and permissions can allow user to escape from the share path definition 1754409 - Rebase Samba to 4.11.x 1754575 - samba: Remove NSS wins and winbind dependency on librt/libpthread as workaround for glibc defect

Trust: 2.25

sources: NVD: CVE-2019-14907 // JVNDB: JVNDB-2019-014366 // VULHUB: VHN-146900 // VULMON: CVE-2019-14907 // PACKETSTORM: 156018 // PACKETSTORM: 156871 // PACKETSTORM: 156915 // PACKETSTORM: 159357 // PACKETSTORM: 157427

AFFECTED PRODUCTS

vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.8
vendor:	synology	model:	directory server	scope:	eq	version:	-	Trust: 1.8
vendor:	samba	model:	samba	scope:	lt	version:	4.10.12	Trust: 1.0
vendor:	samba	model:	samba	scope:	gte	version:	4.10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	eq	version:	6.2	Trust: 1.0
vendor:	synology	model:	router manager	scope:	eq	version:	1.2	Trust: 1.0
vendor:	samba	model:	samba	scope:	gte	version:	4.11.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	samba	model:	samba	scope:	lt	version:	4.9.18	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	samba	model:	samba	scope:	gte	version:	4.9.0	Trust: 1.0
vendor:	redhat	model:	storage	scope:	eq	version:	3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	samba	model:	samba	scope:	lt	version:	4.11.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	samba	model:	samba	scope:	lt	version:	4.11.x	Trust: 0.8
vendor:	synology	model:	diskstation manager	scope:	eq	version:	-	Trust: 0.8
vendor:	samba	model:	samba	scope:	eq	version:	project	Trust: 0.8
vendor:	samba	model:	samba	scope:	eq	version:	4.11.5	Trust: 0.8
vendor:	synology	model:	router manager	scope:	eq	version:	-	Trust: 0.8
vendor:	samba	model:	samba	scope:	eq	version:	4.10.12	Trust: 0.8
vendor:	レッドハット	model:	red hat enterprise linux	scope:	eq	version:	-	Trust: 0.8
vendor:	レッドハット	model:	red hat storage	scope:	eq	version:	-	Trust: 0.8
vendor:	samba	model:	samba	scope:	eq	version:	4.9.18	Trust: 0.8
vendor:	samba	model:	samba	scope:	lt	version:	4.10.x	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	-	Trust: 0.8
vendor:	samba	model:	samba	scope:	lt	version:	4.9.x	Trust: 0.8

sources: JVNDB: JVNDB-2019-014366 // NVD: CVE-2019-14907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14907
value:	MEDIUM
Trust: 1.0
secalert@redhat.com:	CVE-2019-14907
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-14907
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202001-903
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-146900
value:	LOW
Trust: 0.1
VULMON:	CVE-2019-14907
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-14907
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2019-14907
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-146900
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14907
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2019-14907
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-146900 // VULMON: CVE-2019-14907 // JVNDB: JVNDB-2019-014366 // CNNVD: CNNVD-202001-903 // NVD: CVE-2019-14907 // NVD: CVE-2019-14907

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out of bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-146900 // JVNDB: JVNDB-2019-014366 // NVD: CVE-2019-14907

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 156018 // PACKETSTORM: 156915 // CNNVD: CNNVD-202001-903

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202001-903

PATCH

title:	Bug 1791207	url:	https://usn.ubuntu.com/4244-1/	Trust: 0.8
title:	Samba Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109218	Trust: 0.6
title:	Red Hat: Moderate: samba security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203981 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: samba security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200943 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: samba security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201878 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: samba vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4244-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1452	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1452	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1544	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1544	Trust: 0.1
title:	CVE-2019-14907	url:	https://github.com/JamesGeee/CVE-2019-14907	Trust: 0.1
title:	lllnx	url:	https://github.com/lllnx/lllnx	Trust: 0.1
title:	-	url:	https://github.com/ep-infosec/50_google_honggfuzz	Trust: 0.1
title:	honggfuzz	url:	https://github.com/google/honggfuzz	Trust: 0.1

sources: VULMON: CVE-2019-14907 // JVNDB: JVNDB-2019-014366 // CNNVD: CNNVD-202001-903

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14907	Trust: 3.1
db:	PACKETSTORM	id:	159357	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-014366	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-903	Trust: 0.7
db:	PACKETSTORM	id:	156018	Trust: 0.7
db:	PACKETSTORM	id:	156871	Trust: 0.7
db:	PACKETSTORM	id:	156915	Trust: 0.7
db:	PACKETSTORM	id:	157427	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.1852	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3349	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1478	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0319	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1031	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0297	Trust: 0.6
db:	VULHUB	id:	VHN-146900	Trust: 0.1
db:	VULMON	id:	CVE-2019-14907	Trust: 0.1

sources: VULHUB: VHN-146900 // VULMON: CVE-2019-14907 // JVNDB: JVNDB-2019-014366 // PACKETSTORM: 156018 // PACKETSTORM: 156871 // PACKETSTORM: 156915 // PACKETSTORM: 159357 // PACKETSTORM: 157427 // CNNVD: CNNVD-202001-903 // NVD: CVE-2019-14907

REFERENCES

url:	https://security.gentoo.org/glsa/202003-52	Trust: 1.9
url:	https://usn.ubuntu.com/4244-1/	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14907	Trust: 1.9
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14907	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20200122-0001/	Trust: 1.8
url:	https://www.synology.com/security/advisory/synology_sa_20_01	Trust: 1.8
url:	https://www.samba.org/samba/security/cve-2019-14907.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html	Trust: 1.8
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4aczvnmifqggxnjpmhavbn3h2u65fxqy/	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gq6u65i2k23yjc4fesw477wl55tu3ppt/	Trust: 1.0
url:	https://access.redhat.com/security/cve/cve-2019-14907	Trust: 0.9
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gq6u65i2k23yjc4fesw477wl55tu3ppt/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4aczvnmifqggxnjpmhavbn3h2u65fxqy/	Trust: 0.8
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200233-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159357/red-hat-security-advisory-2020-3981-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1478/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157427/red-hat-security-advisory-2020-1878-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2019-14907/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3349/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156018/ubuntu-security-notice-usn-4244-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/156915/gentoo-linux-security-advisory-202003-52.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1852	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-6/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-samba-vulnerability-issue-on-ibm-storwize-v7000-unified-cve-2019-14907/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0319/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0297/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156871/red-hat-security-advisory-2020-0943-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1031/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/samba-three-vulnerabilities-31386	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2020:3981	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14902	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19344	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10197	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/samba/2:4.10.0+dfsg-0ubuntu2.8	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.15	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.25	Trust: 0.1
url:	https://usn.ubuntu.com/4244-1	Trust: 0.1
url:	https://access.redhat.com/solutions/4311261	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:0943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16841	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16857	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10918	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16860	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14629	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16851	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10858	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16852	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10919	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14861	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16853	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1140	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14870	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1139	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10197	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1878	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index	Trust: 0.1

CREDITS

Ubuntu,Red Hat,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-202001-903

SOURCES

db:	VULHUB	id:	VHN-146900
db:	VULMON	id:	CVE-2019-14907
db:	JVNDB	id:	JVNDB-2019-014366
db:	PACKETSTORM	id:	156018
db:	PACKETSTORM	id:	156871
db:	PACKETSTORM	id:	156915
db:	PACKETSTORM	id:	159357
db:	PACKETSTORM	id:	157427
db:	CNNVD	id:	CNNVD-202001-903
db:	NVD	id:	CVE-2019-14907

LAST UPDATE DATE

2024-11-23T21:29:06.878000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146900	date:	2020-07-10T00:00:00
db:	VULMON	id:	CVE-2019-14907	date:	2022-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-014366	date:	2020-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202001-903	date:	2021-06-01T00:00:00
db:	NVD	id:	CVE-2019-14907	date:	2024-11-21T04:27:39.720

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146900	date:	2020-01-21T00:00:00
db:	VULMON	id:	CVE-2019-14907	date:	2020-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-014366	date:	2020-02-12T00:00:00
db:	PACKETSTORM	id:	156018	date:	2020-01-21T19:09:24
db:	PACKETSTORM	id:	156871	date:	2020-03-23T16:14:36
db:	PACKETSTORM	id:	156915	date:	2020-03-26T14:45:19
db:	PACKETSTORM	id:	159357	date:	2020-09-30T15:44:56
db:	PACKETSTORM	id:	157427	date:	2020-04-28T20:21:10
db:	CNNVD	id:	CNNVD-202001-903	date:	2020-01-21T00:00:00
db:	NVD	id:	CVE-2019-14907	date:	2020-01-21T18:15:12.717