==========================================================================
Ubuntu Security Notice USN-4217-1
December 10, 2019
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Andreas Oster discovered that the Samba DNS management server incorrectly
handled certain records. An authenticated attacker could possibly use this
issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)
Isaac Boukris discovered that Samba did not enforce the Kerberos
DelegationNotAllowed feature restriction, contrary to expectations.
(CVE-2019-14870)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
  libsmbclient 2:4.10.7+dfsg-0ubuntu2.3
  samba 2:4.10.7+dfsg-0ubuntu2.3
Ubuntu 19.04:
  libsmbclient 2:4.10.0+dfsg-0ubuntu2.7
  samba 2:4.10.0+dfsg-0ubuntu2.7
Ubuntu 18.04 LTS:
  libsmbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.14
  samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.14
Ubuntu 16.04 LTS:
  libsmbclient 2:4.3.11+dfsg-0ubuntu0.16.04.24
  samba 2:4.3.11+dfsg-0ubuntu0.16.04.24
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4217-1
CVE-2019-14861, CVE-2019-14870
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.3
https://launchpad.net/ubuntu/+source/samba/2:4.10.0+dfsg-0ubuntu2.7
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.14
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.24