drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in Samba (Aktualisierung)
Name: |
Unsichere Verwendung temporärer Dateien in Samba (Aktualisierung) |
|
ID: |
USN-3242-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10 |
|
Datum: |
Do, 30. März 2017, 22:05 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Samba |
|
Update von: |
Unsichere Verwendung temporärer Dateien in Samba |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5037940662564890485== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2n23It6VEDI6N9EqQPPPnrqgiE3IUreUf"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2n23It6VEDI6N9EqQPPPnrqgiE3IUreUf Content-Type: multipart/mixed; boundary="TAhL37o7rUBbrlQNlg4xWdmRQqLPtKcxb" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <f2ee1407-3103-4652-3fcb-a31f0af95dac@canonical.com> Subject: [USN-3242-2] Samba regression
--TAhL37o7rUBbrlQNlg4xWdmRQqLPtKcxb Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3242-2 March 30, 2017
samba regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
USN-3242-1 introduced a regression in Samba.
Software Description: - samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links.
This update fixes the problem.
Original advisory details:
Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: samba 2:4.4.5+dfsg-2ubuntu5.5
Ubuntu 16.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.16.04.6
Ubuntu 14.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.14.04.7
Ubuntu 12.04 LTS: samba 2:3.6.25-0ubuntu0.12.04.10
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3242-2 http://www.ubuntu.com/usn/usn-3242-1 https://launchpad.net/bugs/1675698
Package Information: https://launchpad.net/ubuntu/+source/samba/2:4.4.5+dfsg-2ubuntu5.5 https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.6 https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.7 https://launchpad.net/ubuntu/+source/samba/2:3.6.25-0ubuntu0.12.04.10
--TAhL37o7rUBbrlQNlg4xWdmRQqLPtKcxb--
--2n23It6VEDI6N9EqQPPPnrqgiE3IUreUf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJY3U5oAAoJEGVp2FWnRL6TJ70P/RKaVJOBQzoH112bpk/swAYd wpmyYQ3hHca6CdUDThPv06qYksBfrC7S9lntSAIEXuKIGj/SMv/kJo2t66L1PkLZ KKPd2UyUjFVgxLwDNoP1LQwYc5wYfl/2ZGAHaKh06MCsM50n55RR+aDeh3EU8W9K utZtMZGCtAqci0DKyUSsnuBJ358BN0xRSe63IweyjjyLEPkItmr2AcDGqu1VyOaw Zz/d/n+4pGOxP8DDWQgEuPPzbhCl/451X3hkWsnn+8dTocgeH2AOwjJt91LgWRKE 5d5eK3FE5yzocG3VJ3vpzPsxk+jAp1vI/V/K09+qr+aNlcPUenjmZp/qqIU/UpjA ZsTniio381bhLfAoeNmZDG9Tozy3vbGpOFoKumutIh6wuEre05wEvAwQLY2uRXW8 vamhZuwvYhHR6Mbxe2nIAqEwwhp7aqokLOXSxnUv4CmXNR/NMTDzh/1MpNfitJ15 6QSKQKzqpycYSXP0EkABmWciaeFT2CHGp2Xs6vw9UxXkooXlzBj+R5j9NtQk6gdZ MjmGdTdi26MhbdRvIxcrSpycz5fyXddRtS7yrMpHm3/9hlE5mQVlSyLFHe+QvkT7 kVICZbX069SvGHZBdFqaXFcMfVW12ZtQbHzjvkafczlTPOlfz5txxFy981wZGV+f X8YV9lwq/iqiQqucmqbz =/hUX -----END PGP SIGNATURE-----
--2n23It6VEDI6N9EqQPPPnrqgiE3IUreUf--
--===============5037940662564890485== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5037940662564890485==--
|
|
|
|