Sicherheit: Zwei Probleme in Samba

Lesezeichen hinzufügen

--===============6301678131164810168==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="82I3+IH0IqGh5yIs"
Content-Disposition: inline

--82I3+IH0IqGh5yIs
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3595-1
March 13, 2018

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Björn Baumbach discovered that Samba incorrectly validated permissions when
changing account passwords via LDAP. An authenticated attacker could use this
issue to change the password of other users, including administrators, and
perform actions as those users. (CVE-2018-1057)

It was discovered that Samba incorrectly validated inputs to the RPC spoolss
service. An authenticated attacker could use this issue to cause the service to
crash, resulting in a denial of service. (CVE-2018-1050)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
samba 2:4.6.7+dfsg-1ubuntu3.2
samba-dsdb-modules 2:4.6.7+dfsg-1ubuntu3.2

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.13
samba-dsdb-modules 2:4.3.11+dfsg-0ubuntu0.16.04.13

Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.14
samba-dsdb-modules 2:4.3.11+dfsg-0ubuntu0.14.04.14

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3595-1
CVE-2018-1050, CVE-2018-1057

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.6.7+dfsg-1ubuntu3.2
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.13
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.14

--82I3+IH0IqGh5yIs
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJap+RhAAoJENaSAD2qAscKQ1gQAJLz76kj9v/EugfUeKpQTRSX
ngqoe8oIfX9kBkcqkKlj3w2hyfyFmeeFpUwziy98EPezrQsQTdhcHq0nNFzpF6Za
5g8EvO7cySTctHKW1nNc1L/gmW9nFjrL5M6YSTjOaxj2nnkN962MlCULLcLkQm8R
qzK4XOSLyPM01w+pkf8UC+sodpK6a9jc3cq02G/muufYTuI666N2eYrOOOMclYK1
YReaimkw1iPHSXVV7xj9b+oKpcXBaX7TUzEJWBCNlXeS8I6UIa+CXvLCxWDMJstw
pK8WfERpoOJFVjjRlrowuoE5Jvc3xWaXFfAbfjzXSTkNUF+7NXrQxuWCALAinCmT
LIPbNlXyPMYqDEFFaSMILxatF5jLYQZ3ihBbPDdwUIt0UzhPLOGjNc52jY6U5hge
zfPA9u9WHX0+kPsl7T1a1wFdKzWKKWGorRQTUzq5n0gcoB0GgaM58f35wG84qa92
11LfuL57EJNeDeCwJDR7J+svvU0qtJmPBCs9j7tUlTkfdl4Jh8O8FfeUzCDs4e6I
B8A2YOhP4lVRADKQGygxZdBnKwSRXC4TpDepSVid9wpthaTNEl5w8v6fejNJ6MCZ
isxi25f6f+RKWdYGdwtEXAVXYaPCI25KHLpoZfKBEfYVhPIC9tw+Xo56ZIhQaS8E
OkF3u12K8UpmCDhUGtod
=Pvbq
-----END PGP SIGNATURE-----

--82I3+IH0IqGh5yIs--

--===============6301678131164810168==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6301678131164810168==--