==========================================================================
Ubuntu Security Notice USN-4341-1
April 28, 2020
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Samba.
Software Description:
– samba: SMB/CIFS file, print, and login server for Unix
Details:
Andrei Popa discovered that Samba incorrectly handled certain LDAP queries.
A remote attacker could use this issue to cause Samba to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700)
It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
samba 2:4.11.6+dfsg-0ubuntu1.1
Ubuntu 19.10:
samba 2:4.10.7+dfsg-0ubuntu2.5
Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.16
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.26
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4341-1
CVE-2020-10700, CVE-2020-10704
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.11.6+dfsg-0ubuntu1.1
https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.5
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.16
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.26
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6odisACgkQZWnYVadE
vpPwUQ/8DpqeDswlLGXwTEAOY8qozDcJ17gPbLHIvzeW0auNFLt/UEdw46HlgFha
4cliVIklOmmcuS+jfCqZYWM/sFNIo3yR7MlF3bSZihwUA9ukvQQU0HVXZJ9M5xX2
r59PyFlOpg1zPGhUXlelSXkFNogHt0jBq/F/a9mwaNHTHrkcGIyYneSdE+MU50D5
8VPs/dv1M9e9XPai5M5uAf/mRIvzvPtBjEeKVV917bY3LfNyjEv72D2/T3siZIYt
SEfwTk8BbA43oDsT0ei4LGEx6BbdRTEq7xj8uCFMryueEGcR/v1IRPhA2CdcZyWf
umHj4XBiXZ41fCktEYgRc6v5/uebT2MmeIUaALA4WxZ9iHPuKxNBaReZ5OkBCpq3
L6A5Soqx6LwIXKrTX4l03ozGrWfbQUI7y6DPXq6g72MtfWl19nPENAX5wFsSSlmb
fbMv7QZ3z5rsE3XPB+I1TIaFbK/RMvZpp5Asx0lboiekvTmNu1EEYmlqXbQ0Tl2k
WHEcXQ7j5XrWtcTAaLsPh23iIioj872zl1IifU825MzKbGEEJWC5Oov67fuLaJII
T29rHCzrsUqRhrKrQVfTfgDDdi5WuRRGoKUVbxMJJqSjGiXol3Ddc924nyQpjPC1
WOl3vPR5elYVlrtwgVd3QZJeoD8E+EIEVocruTzOVD0hyNVDHVs=
=6H0x
—–END PGP SIGNATURE—–
—