==========================================================================
Ubuntu Security Notice USN-3296-2
May 24, 2017
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Samba could be made to run programs as an administrator.
Software Description:
– samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-3296-1 fixed a vulnerability in Samba. This update provides the
corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Samba incorrectly handled shared libraries. A remote
attacker could use this flaw to upload a shared library to a writable share
and execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
samba 2:3.6.25-0ubuntu0.12.04.11
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3296-2
https://www.ubuntu.com/usn/usn-3296-1
CVE-2017-7494
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZJgrdAAoJENaSAD2qAscK2wAQAL8S2hoTZHTLDSYBdJSKtbKh
qTM2Jo0jaiyowatii5IYPzG1qmntlPGBvstiS5jKY8az29VxxTkshJT/ySJhAXa5
C5nUVore+Ctj8RJiQ59EcXYZ4jDnv8A06EPLfGpeVg2IpSyuRJWCf51OBXoyQgbR
0xu+mQe2EGNy/fcljE2qnk2sSwRuJs7+EiCxCDcX1H2v6C2y0I8gl34CZRo4/M1P
0d3qEezQ/S7ivIfweMbDe/D1GspNAUZFfgKfq5YyxoB8QXr0quaXtk8pmoHwRzLB
Zvf/7O0BHiKQUXM8Vesz6IpFulPCjSDxFZGvT5FA7yTJSjWMEY6S11wwrKjGgXm/
eu+juIM5BiP+ewBs6SqZ9/pSqtKpPZ6aonbmFo8u4Z6xG8FfhXqBS33paJe3+lXQ
3/dYcrwxHkCbLZP3h7qd0ficXWkHK/LQ4c6JYqd/qvDuvRlVE1zRlaDk75qdQ/hz
Zvfi/8z06PNe4+G66bwAo5BQf/tPCEivea+MadcZEQ0gvo9GO4EgjvHwlUyrvv0r
p4ckenwbeno3Bty7KvnljqU6YFFvN5hEIhSXwCvV9sDGYpCJyOlcR4niGPR0Pppa
8AzQ1H8QF1Nr68eNX8V6zwarVxem4G5wyFBollEe41Fdq4Q9gldvK/1HoPDzUEoW
byE5gMCZs6EDMK4hZC+J
=lVjy
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3296-1
May 24, 2017
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
– Ubuntu 16.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Samba could be made to run programs as an administrator.
Software Description:
– samba: SMB/CIFS file, print, and login server for Unix
Details:
It was discovered that Samba incorrectly handled shared libraries. A remote
attacker could use this flaw to upload a shared library to a writable share
and execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
samba 2:4.5.8+dfsg-0ubuntu0.17.04.2
Ubuntu 16.10:
samba 2:4.4.5+dfsg-2ubuntu5.6
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.7
Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.8
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3296-1
CVE-2017-7494
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.5.8+dfsg-0ubuntu0.17.04.2
https://launchpad.net/ubuntu/+source/samba/2:4.4.5+dfsg-2ubuntu5.6
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.7
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.8
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJZJYrPAAoJEGVp2FWnRL6Th80P/1RgcKz1nieoL34nKn28cTTe
cwIOrKhnLAzD4zLHBS52Ar0dpjCPCAabDoex3TqnxyzlozTfCEVm//B1AjO5JYYG
QdLn2CZcRRNVERigzl0ZOK8cBY+RvahL4QOYuoQnZxCwzjMqncAHvHPlhe8lERDb
msi0rQ2AKsKkWXrks7gnXKq/+Av7aM4gE5AmPIGNciiUXUIhtYydqWgIRakt5DWA
s4+ukPLa5TyDlZu1DIoZF4AQA3JjzcPDs4p2LWhLj2wAurFg2ooMfpUyqAVGxR0P
5R7w5/qILqnv7qQG6r0y3q81pjcJWDGU7wJ0fwuNWShTG3+vvZmR8WU1I+Nvb+91
WPLrMrwDGl6AWmmZLRDI9+Ni7LD7q7CKSngGKbHOhgdfSWpeIHLEwm3XVEnozix/
z6q3RPFSAUrmawc9bA227szSdAkdkNm99wfF8DkH6bIpeg+MPUidpJUdy0a+Cnlw
FHtYPSoUXHIL8nLLQvgsdu7A/lZwPt4UZnCwSe5bvJ2rVSblVbXaDC3qEW3ffX8s
0/0xDmNqJUjW44vKK+IsszkjEhjRb19ZQqCnjhugsZbI2kkynZagXWeMJ4elYIOg
ElUdKA9ajtFZi/8XlgWqeVxmF6POndxZ2pMhS1xWYoGEBZtxR638nQEROTNkzCXc
Fwq6TrNj4HPlqy5fbWyN
=R4W1
—–END PGP SIGNATURE—–
—
