You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa samba

Sigurnosni nedostatak programskog paketa samba

by Marina Dimic Vugec - 0

==========================================================================
Ubuntu Security Notice USN-3976-3
May 27, 2019

samba regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

USN-3976-1 introduced a regression in Samba.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-3976-1 fixed a vulnerability in Samba. The update introduced a
regression causing Samba to occasionally crash. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked
S4U2Self packets. In certain environments, a remote attacker could possibly
use this issue to escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.11

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.21

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3976-3
https://usn.ubuntu.com/usn/usn-3976-1
https://launchpad.net/bugs/1827924

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.11
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.21

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzsAfYACgkQZWnYVadE
vpNmRRAAlcM0LQ64qHqGVBpR13eJcaizCnyGzesJIC7OymrJjZaHBceWiAuEbEtP
YJQ4kINrJON4MNV/60JMAdiZr4av89lKSqHx93fLmi6ogg1g6YJW1oFU6A68IMXw
Ltsbh1jGmoL3C2pwXu3wRec26hnDB7s3S0si36XUUCnhmAneacOxTfdf+balM0Fo
65uNrnKlsU3wTRHbaGIdzw+1kXq+yu8u0U5OAc7A5LSqJV+VMTXymcv0tKRUjvt/
n22A/7M9l3GUycJF0gwXt4hBpS5EW8fyqqym66CpqDjMKO4JpcTX6iPFpiHr58jl
aty9HlZbB0iNlYEAlG2CxTAyYOFWhFtZ/ihw+OON3naDSsYd/Uw/PGSzVYcnyk0/
k2FiTIdhORreww0zneZkxeJViJM2Te2Fla73/mPenJJDbXXnw0PPzBoELdWWuFth
QTaj4h17P0gU5JAipFP2twhyf4fyW2Rc+lM54Vj8DtjTAGreqmVjErXkE8kgdBf8
g32DKYF41JdQGyZh7B4B6sNShK8OGaNoJPf0mqJQ0kY4Vzy1Tj49QO+5rwOYqEO1
Q5/x0cd6VTIivfOh5A2Ko94f65SZ8QvsmVpCov5MautTqGytxCUcHZSUrR8dsrVA
FwAf24EmTYxvnrJgCK+U0A07YVVoYTnal5c9yvU38zudkZEPUC8=
=eScX
—–END PGP SIGNATURE—–

==========================================================================
Ubuntu Security Notice USN-3976-4
May 27, 2019

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

USN-3976-1 introduced a regression in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-3976-1 fixed a vulnerability in Samba. The update introduced a
regression causing Samba to occasionally crash. This update fixes the
problem.

Original advisory details:

 Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly
 checked S4U2Self packets. In certain environments, a remote attacker
 could possibly use this issue to escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  samba                           2:4.3.11+dfsg-0ubuntu0.14.04.20+esm2

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3976-4
  https://usn.ubuntu.com/usn/usn-3976-1
  https://launchpad.net/bugs/1827924-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJc7C+iAAoJEEW851uECx9pBREP/2OaxJ2VWi2cZ9RmHYyWgtgw
yvRXTL6R1uOk1R//9f89oa/j25caNGvOy+zaJiaTJEjxPwW1B6JbdFH2qjt6VkrU
uwHyu5EgaXX8mDNgnV0hTU2fOT/kEHA9lWi8M+9WUvqIWzo4NIc6kPu/1wp/8j1n
4OU+lujPWYdZFlMgjCS2yAfTove3R/vTFaRYOSLB3w8xD/CT/XFvphWhb4aughFw
U04SnhgYetjsyDnziDgWw23Uzkvu0gMEoDS6iG1MtYDPuqQHg6an57gxkgBkbpBQ
91st64wRf0xJgeGQSbMvj0moHtU2d8uCotOluUkUdTnszFgtickprEHLbA9oZTRR
B1F6Ii5mxlJZdn4+2oOynxLsTj3m7TaOR/4DI76AKykr0rlCIMbhhR/23pxSOyAK
XRdTa6OXo1i/B70vOY05HtvGLQZEqlq91BSZPDUj/sUP7yWWnOfzc37gsR1HEKzO
uFLfFS9y3f1PicZNdGMN/z2NWzG7JMcQcO6GRK9fwJDhcLW0OsjPefLMQ7ZJmKyF
Y2zH0spnzvab4X0hBrHSRk2Mk4UBg44pId2rSw9UrHNizXVb5zyzv7X8OjX7LtgA
T/9qUr9uEIGb2/SRWDCVDTIQGFHE2k4ZDV9e0rIH0nMSZFxRpNwWizsXY8Nm91oo
ARvzSmiE3GKaIjip5n5X
=9ai2
-----END PGP SIGNATURE-----
-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa gnome-desktop3

Otkriven je sigurnosni nedostatak u programskom paketu gnome-desktop3 za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....

Close