You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa samba

Sigurnosni nedostatak programskog paketa samba

by - 0

==========================================================================
Ubuntu Security Notice USN-4341-2
April 29, 2020

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM

Summary:

Samba could be made to consume resources if it received a specially
crafted LDAP query.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-4341-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4341-2
https://usn.ubuntu.com/4341-1
CVE-2020-10704
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl6pt2MACgkQRbznW4QL
H2mG2A/8CW8KGF8R4/u/jG3ShAd2+BEfec5obU/pC8xh1TJrXtdz+x4kXDg0WZ+3
rOKSIDhTuzr1lwzVu3NvpjjQB1lET+kWJVcsu+3uXoKC3XYHVCLFurY4dobnO2co
61fZyUq3vKVEGoAfdvR174Kz0qsIqOLXw5b8PYe4SuGpDn4XaoyAXB/Le4jambQG
LDMfzrgqvDPjHCChSBwPGs95KP0WWYUVd53AKQowSAWZW7if2Tu2J1+p9Ox0SobW
meTG9qD35bHlnSYkb3PUXOiuPzq/apTKf3tIk1QM33G+fXEs79nGqrmg3/kZn5Nf
97e+oep/gTCI1BJQVhbtuyvLORrM6vHjBLD8Oh0Gz+YEvtnFcwF6XRd9UResXtUm
hA24dRD4NCym28ZTXNXHuYGL2tB9EkHuAMc/t+RaNKaVgsxmXeWGNedg5EJSJ7B3
2d1o4LUeJrVnM/DS+pGCvVUU3htjONFH95pHQx+a7M9e019iu6p28wJzrsiR+qxi
CjjUddA/BLjxqhGrlhrxHhks1Q80pvoN5SlSHYVLiQtEAbfiwy3gsoPMoQZRGyDK
9sd1AbOG/w8CGF/4p3veY1O+lXNQ3x5gmolOWMnnt0JH5Jd61TV9LPZnFlz88Gsl
9yQcjPEsvW6QJra4StN0nkJvnsnLxEzLb31G3fMhBvKYRW2266U=
=PEmQ
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4341-3
April 29, 2020

samba regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

USN-4341-1 introduced a regression in Samba.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-4341-1 fixed vulnerabilities in Samba. The updated packages for
Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.27

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4341-3
https://usn.ubuntu.com/4341-1
https://launchpad.net/bugs/1875798

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.27

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6pmB0ACgkQZWnYVadE
vpM+kg/+PUYEmkKl4XtvZ7gvG1F6IKwY8VaVg5gDGOpV4UhBXwY/qajYmMLVyNoy
p9sABjnpEEZBVKavQle5Nf+w6LPa94CffK4bYdt5oJihGa2No3cKzqLX8LTqO+qV
CZ4mWSvYN3GucHxiKbL1JvneYe7I6WnO9BbAIo+YEeoT7Abc2paUk5u+1iDeukvx
yTt+ZKU+xqjCsPI5eUeE0N42oz8zdiQuZ44mBXQo2/QybYOFvJ+m/9hmFn3CxNB3
dxN3PD9ePZ5qrIILHJA3n9eRe/vuv+pdJpO4/De5KSAJ4lb5D0kKaQRSGdnV3hGa
5HQO9RItni+cn/pcJzBpC87Znsc/W31iT9Cmo3vvEXEUWDgHwkmby/3Dhu6Aety0
5sDNoxYiKSCuuHlFdWghZ7LzY9mO9WNhNsjHl8UMobPVmtuw8rSMIq7OcMMRCVxz
CzHrBgXeWB/Hb1pkHmPhnAWJ30IRsFpnQahpHZS9eOHnypzh+eZlb4PTerq+zHVC
380klvVT0on9LigiPN9zB/48ZPxv47/3KQD0//gFaZnTIJbgp8j34GVuN9hshaqM
CUe9V/Oj06uBHEqzKQuVwSIc+BMOWRUrvTyeM32rf5GJdWXoenUQ9x9jGqLKMMZC
u3npb9c9aDOFyzHJ08F97yW431c/I5y4qQFlkJVPQxF66gbo0kk=
=LcOY
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa vlc

Otkriveni su sigurnosni nedostaci u programskom paketu vlc za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS...

Close