==========================================================================
Ubuntu Security Notice USN-2257-1
June 26, 2014
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Samba.
Software Description:
– samba: SMB/CIFS file, print, and login server for Unix
Details:
Christof Schmitt discovered that Samba incorrectly initialized a certain
response field when vfs shadow copy was enabled. A remote authenticated
attacker could use this issue to possibly obtain sensitive information.
This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178)
It was discovered that the Samba internal DNS server incorrectly handled QR
fields when processing incoming DNS messages. A remote attacker could use
this issue to cause Samba to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239)
Daniel Berteaud discovered that the Samba NetBIOS name service daemon
incorrectly handled certain malformed packets. A remote attacker could use
this issue to cause Samba to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0244)
Simon Arlott discovered that Samba incorrectly handled certain unicode path
names. A remote authenticated attacker could use this issue to cause Samba
to stop responding, resulting in a denial of service. (CVE-2014-3493)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
samba 2:4.1.6+dfsg-1ubuntu2.14.04.2
Ubuntu 13.10:
samba 2:3.6.18-1ubuntu3.3
Ubuntu 12.04 LTS:
samba 2:3.6.3-2ubuntu2.11
Ubuntu 10.04 LTS:
samba 2:3.4.7~dfsg-1ubuntu3.15
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2257-1
CVE-2014-0178, CVE-2014-0239, CVE-2014-0244, CVE-2014-3493
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.1.6+dfsg-1ubuntu2.14.04.2
https://launchpad.net/ubuntu/+source/samba/2:3.6.18-1ubuntu3.3
https://launchpad.net/ubuntu/+source/samba/2:3.6.3-2ubuntu2.11
https://launchpad.net/ubuntu/+source/samba/2:3.4.7~dfsg-1ubuntu3.15
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTrGUVAAoJEGVp2FWnRL6TPbwP/A5DkuMoJILoeReL9iVlQrH0
AdKWGPwBdsItppKaehxZIvOAZou6dAEu5p9cbcNdop2HTewZkvK5xj5Nai9ktX7A
ZlP6hxyEVtAte6AqOFjUZ9r7TsHOgfncmY/34Z7M+j7isLtFjVM4Pb22WjtaauL0
exfvpLa5n/Cdzj/cGNQeInraY77DFzTAGAIpw3MNCEN9Bj2CSxkZtHVQgmPhzQdy
vSojhcaUB1UYQ/857A5sVtMJCAl9kPOWAJvb3rGJoGBCx5s+rkDT0ElP5JHlwWpu
Y3PmA1BnO74PnIlLLPIA2GulP+4d3BJn1FkDjK8iFOpKcdORrhL82pC5R6Qdn5lD
hknFJ+WyNpo0BAZWD159rRZy+pN1taj7+kqfirWhIvdJEvaiJuI0jbke9FiRPzua
x1zB/52OdY5l1fxnhaafV6XHuR9OQ92NGhJMdbn/MyqMKVw/TQE9Io0lpAmBoY76
8DkuLsh+R8lHOgcrsqumHHym5V+ggbCFQaLX/u/zkJpfDREYuHbC8BOXfPeJyX52
aKQcI+kxcG3vYfwfdZj3jAyoIIChnMx+S/AkK+eBQMS0qcYOMBhJBxHV4x4uvuPh
m/vbELpIotFs1WPx0O680zbZS/WVjjiEI3Rz8QksAubv32zwyPl0pwuIEGj9N8dd
V129KS3lBc6PKt8bU4YH
=tdV4
—–END PGP SIGNATURE—–
—