You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa samba

Sigurnosni nedostaci programskog paketa samba

by - 0

==========================================================================
Ubuntu Security Notice USN-4217-1
December 10, 2019

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

Andreas Oster discovered that the Samba DNS management server incorrectly
handled certain records. An authenticated attacker could possibly use this
issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)

Isaac Boukris discovered that Samba did not enforce the Kerberos
DelegationNotAllowed feature restriction, contrary to expectations.
(CVE-2019-14870)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
libsmbclient 2:4.10.7+dfsg-0ubuntu2.3
samba 2:4.10.7+dfsg-0ubuntu2.3

Ubuntu 19.04:
libsmbclient 2:4.10.0+dfsg-0ubuntu2.7
samba 2:4.10.0+dfsg-0ubuntu2.7

Ubuntu 18.04 LTS:
libsmbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.14
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.14

Ubuntu 16.04 LTS:
libsmbclient 2:4.3.11+dfsg-0ubuntu0.16.04.24
samba 2:4.3.11+dfsg-0ubuntu0.16.04.24

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4217-1
CVE-2019-14861, CVE-2019-14870

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.3
https://launchpad.net/ubuntu/+source/samba/2:4.10.0+dfsg-0ubuntu2.7
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.14
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.24

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl3vm+wACgkQZWnYVadE
vpMcow//RHSnnxdzp5fjPr9nCj7vcK1mILbEmbchtwabjJSLBOLwr85l2Gl74nLE
RkSgIBR7lr3T2YYn628KAe6FbJHmDPEpnMCTWgR4EHQAqFHMD3i3CU70l9R0VZAs
VPoymiAEXlvQVGF1rGsfB4IDBxopEF+K/tr286dZ+FJUBp217jc22ozH9k6qccMl
Oap7yRSZPuPrM8uH/o5ZlYzv4oKEt6TD6OM3lfWxtVHalIaM4sUUbF8uJDTYsug6
rinaAKZM4xozYQo7i88PN0UYEq5LVKgMMPmGb3/XW7vLufc1OsCegAxKM5SME2T2
qbGtRUn8CWqD9sSl+swJwn84cjMWwN/c3RDGfSTex/rRtUP9afOLJF6ZqEpInB5s
EaPF0rEnBFgj66cqG2t7qEyTA5gYVFe95diVNAITKGKPzRrDpWMpQF3VmAeOmaM9
omqYBoCCaSr5UCI6Oy8EW6Lx093ftJcJ/fYvLGB8mG+8pr7RIL6Qa3WayCVHlVp+
Vb/PAdUqedJ6bvn6ddX5wL0uI+v1RinP4+r/ZDFzKzAjc8ehabediAYLiL7tL7x7
/vGhYEtYDvgfg3Xyp8qmK3fD7YP6y6R+MfzVlW2rejcJdp1rBzKQfNgc6EVFs4xC
7GnErS3UuAxp0KEhh1A7A1qKjdV8zfHl1YhkEPnm65RpuTKlZdM=
=zhp2
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ose-cluster-kube-controller-manager-operator-container

Otkriven je sigurnosni nedostatak u programskom paketu ose-cluster-kube-controller-manager-operator-container za Red Hat OpenShift Container Platform. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje...

Close