Thursday, March 30, 2017

[USN-3242-2] Samba regression

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJY3U5oAAoJEGVp2FWnRL6TJ70P/RKaVJOBQzoH112bpk/swAYd
wpmyYQ3hHca6CdUDThPv06qYksBfrC7S9lntSAIEXuKIGj/SMv/kJo2t66L1PkLZ
KKPd2UyUjFVgxLwDNoP1LQwYc5wYfl/2ZGAHaKh06MCsM50n55RR+aDeh3EU8W9K
utZtMZGCtAqci0DKyUSsnuBJ358BN0xRSe63IweyjjyLEPkItmr2AcDGqu1VyOaw
Zz/d/n+4pGOxP8DDWQgEuPPzbhCl/451X3hkWsnn+8dTocgeH2AOwjJt91LgWRKE
5d5eK3FE5yzocG3VJ3vpzPsxk+jAp1vI/V/K09+qr+aNlcPUenjmZp/qqIU/UpjA
ZsTniio381bhLfAoeNmZDG9Tozy3vbGpOFoKumutIh6wuEre05wEvAwQLY2uRXW8
vamhZuwvYhHR6Mbxe2nIAqEwwhp7aqokLOXSxnUv4CmXNR/NMTDzh/1MpNfitJ15
6QSKQKzqpycYSXP0EkABmWciaeFT2CHGp2Xs6vw9UxXkooXlzBj+R5j9NtQk6gdZ
MjmGdTdi26MhbdRvIxcrSpycz5fyXddRtS7yrMpHm3/9hlE5mQVlSyLFHe+QvkT7
kVICZbX069SvGHZBdFqaXFcMfVW12ZtQbHzjvkafczlTPOlfz5txxFy981wZGV+f
X8YV9lwq/iqiQqucmqbz
=/hUX
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3242-2
March 30, 2017

samba regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

USN-3242-1 introduced a regression in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a
regression when Samba is configured to disable following symbolic links.

This update fixes the problem.

Original advisory details:

Jann Horn discovered that Samba incorrectly handled symlinks. An
authenticated remote attacker could use this issue to access files on the
server outside of the exported directories.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
samba 2:4.4.5+dfsg-2ubuntu5.5

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.6

Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.7

Ubuntu 12.04 LTS:
samba 2:3.6.25-0ubuntu0.12.04.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3242-2
http://www.ubuntu.com/usn/usn-3242-1
https://launchpad.net/bugs/1675698

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.4.5+dfsg-2ubuntu5.5
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.6
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.7
https://launchpad.net/ubuntu/+source/samba/2:3.6.25-0ubuntu0.12.04.10

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)