Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Dateien in Samba (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in Samba (Aktualisierung)
ID: USN-3242-2
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10
Datum: Do, 30. März 2017, 22:05
Referenzen: Keine Angabe
Applikationen: Samba
Update von: Unsichere Verwendung temporärer Dateien in Samba

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5037940662564890485==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="2n23It6VEDI6N9EqQPPPnrqgiE3IUreUf"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--2n23It6VEDI6N9EqQPPPnrqgiE3IUreUf
Content-Type: multipart/mixed;
boundary="TAhL37o7rUBbrlQNlg4xWdmRQqLPtKcxb"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <f2ee1407-3103-4652-3fcb-a31f0af95dac@canonical.com>
Subject: [USN-3242-2] Samba regression

--TAhL37o7rUBbrlQNlg4xWdmRQqLPtKcxb
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3242-2
March 30, 2017

samba regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

USN-3242-1 introduced a regression in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a
regression when Samba is configured to disable following symbolic links.

This update fixes the problem.

Original advisory details:

Jann Horn discovered that Samba incorrectly handled symlinks. An
authenticated remote attacker could use this issue to access files on the
server outside of the exported directories.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
samba 2:4.4.5+dfsg-2ubuntu5.5

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.6

Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.7

Ubuntu 12.04 LTS:
samba 2:3.6.25-0ubuntu0.12.04.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3242-2
http://www.ubuntu.com/usn/usn-3242-1
https://launchpad.net/bugs/1675698

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.4.5+dfsg-2ubuntu5.5
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.6
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.7
https://launchpad.net/ubuntu/+source/samba/2:3.6.25-0ubuntu0.12.04.10



--TAhL37o7rUBbrlQNlg4xWdmRQqLPtKcxb--

--2n23It6VEDI6N9EqQPPPnrqgiE3IUreUf
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJY3U5oAAoJEGVp2FWnRL6TJ70P/RKaVJOBQzoH112bpk/swAYd
wpmyYQ3hHca6CdUDThPv06qYksBfrC7S9lntSAIEXuKIGj/SMv/kJo2t66L1PkLZ
KKPd2UyUjFVgxLwDNoP1LQwYc5wYfl/2ZGAHaKh06MCsM50n55RR+aDeh3EU8W9K
utZtMZGCtAqci0DKyUSsnuBJ358BN0xRSe63IweyjjyLEPkItmr2AcDGqu1VyOaw
Zz/d/n+4pGOxP8DDWQgEuPPzbhCl/451X3hkWsnn+8dTocgeH2AOwjJt91LgWRKE
5d5eK3FE5yzocG3VJ3vpzPsxk+jAp1vI/V/K09+qr+aNlcPUenjmZp/qqIU/UpjA
ZsTniio381bhLfAoeNmZDG9Tozy3vbGpOFoKumutIh6wuEre05wEvAwQLY2uRXW8
vamhZuwvYhHR6Mbxe2nIAqEwwhp7aqokLOXSxnUv4CmXNR/NMTDzh/1MpNfitJ15
6QSKQKzqpycYSXP0EkABmWciaeFT2CHGp2Xs6vw9UxXkooXlzBj+R5j9NtQk6gdZ
MjmGdTdi26MhbdRvIxcrSpycz5fyXddRtS7yrMpHm3/9hlE5mQVlSyLFHe+QvkT7
kVICZbX069SvGHZBdFqaXFcMfVW12ZtQbHzjvkafczlTPOlfz5txxFy981wZGV+f
X8YV9lwq/iqiQqucmqbz
=/hUX
-----END PGP SIGNATURE-----

--2n23It6VEDI6N9EqQPPPnrqgiE3IUreUf--


--===============5037940662564890485==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5037940662564890485==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung