As per the Samba upstream advisory:
Due to incorrect values used as the limit for a loop and as the 'count' parameter to memcpy(), the server, receiving a specially crafted message, leaves an array of structures partially uninitialized, or accesses an arbitrary element beyond the end of an array.
Outcomes achievable by an attacker include segmentation faults and corresponding loss of availability. Depending on the contents of the uninitialized memory, confidentiality may also be affected.
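The defensive pattern for the bug class the advisory describes, as an added C example that is not Samba's code and not part of the original report: one validated count bounds both the memcpy() and every later loop, and the destination array is zeroed first. The struct layout, MAX_ELEMS and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed types for illustration; these are not Samba's structures. */
#define MAX_ELEMS 8

struct elem { uint32_t id; uint32_t flags; };

struct elem_set {
    size_t num;                  /* number of valid entries in el[] */
    struct elem el[MAX_ELEMS];
};

/*
 * Copy `claimed` elements from a received message body into dst.
 * `claimed` comes from the message and is untrusted.
 * Returns 0 on success, -1 if the message is rejected.
 */
int copy_elems_checked(struct elem_set *dst, const uint8_t *wire,
                       size_t wire_len, size_t claimed)
{
    /* Zero the destination so entries that are never filled in cannot
     * expose stale memory contents. */
    memset(dst, 0, sizeof(*dst));

    /* The count must fit the destination array ... */
    if (claimed > MAX_ELEMS)
        return -1;
    /* ... and the bytes received (cannot overflow: claimed <= MAX_ELEMS). */
    if (claimed * sizeof(struct elem) > wire_len)
        return -1;

    /* The same validated value is the memcpy() count and the loop limit. */
    memcpy(dst->el, wire, claimed * sizeof(struct elem));
    dst->num = claimed;
    return 0;
}

/* OR together the flags of the valid entries. The loop limit is the stored,
 * validated dst->num, never a count re-read from the message. */
uint32_t combined_flags(const struct elem_set *s)
{
    uint32_t total = 0;
    for (size_t i = 0; i < s->num; i++)
        total |= s->el[i].flags;
    return total;
}
```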
Created samba tracking bugs for this issue:
Affects: fedora-all [bug 2111732]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):