Tuesday, May 14, 2019

[USN-3976-1] Samba vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzavXEACgkQZWnYVadE
vpOxIhAAgmsJ54+CQf800F25zfjigV8zl+M5OmWSJrEtFv01r2diO0Mc673aVJ/+
Wg+CQQPCO1+oso++DVTbu7RvH6+rwhoc5szJZLyFuyQ/IiEglywcHNN+pkK5c3aR
5VSgnQB/4Jx1CMYzXRZYoRfkLcDum0YzqmxHAKsCGeyyhBjps+Usppm5KBA6mic9
DK8tY4UoPZcRn+Lg01y+IXdJNNEzIbR7dP3pQuip98GcuWAmASYG2YRLQFhMBZEy
XxoQtUEoUSEe8s3T40VCTqYrjeU1XEo1MjxOLjwwazzkhxhJNtPSzPEB18itht6E
GnK/DqxJheBDBvVw6Vv33mPF6zba2XTrzUBQfscY4BA75uhhe/yx3tHtbg+x6HFh
kD1Ycjc6VRlqmcAoH6CDmsOBZXPp5vjCNaAv8QxrMk1w073hlWbmEJHB23gKWPm6
nHPTD8nnw0R/O/K3bHD7DAR9O+HEQ6c/ug3scHyDW2FjJi/sxk8xBlYZXUBfy3MK
LWxqXpjDQ+QN2qkZTH20HIeZlH02VjzZ+bsMr0HVPgW94oacLdgBXTRsZirHx368
ioCGdURipp+VfD9O6Sl8sp4yFS24brTnlbnnf4sieCTYweR9ujpPJmF6tLdgajx9
OC2DnFpUqiWAY9QG64JPNraxB8LvOrqHLv7s/FchcZJkeDqxxPU=
=3g+X
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3976-1
May 14, 2019

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Samba could allow unintended access to network services.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked
S4U2Self packets. In certain environments, a remote attacker could possibly
use this issue to escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
samba 2:4.10.0+dfsg-0ubuntu2.1

Ubuntu 18.10:
samba 2:4.8.4+dfsg-2ubuntu2.4

Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.10

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.20

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3976-1
CVE-2018-16860

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.10.0+dfsg-0ubuntu2.1
https://launchpad.net/ubuntu/+source/samba/2:4.8.4+dfsg-2ubuntu2.4
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.10
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.20

No comments:

Post a Comment