Sicherheit: Zwei Probleme in Samba

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8746429230372665145==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="7OeHr2kDXl6fNd0CfOm7bKNaJiiYNYB7I"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7OeHr2kDXl6fNd0CfOm7bKNaJiiYNYB7I
Content-Type: multipart/mixed;
boundary="Uxn2wlTncjbNwIczA4KzqBY2lOMKHNByI";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <bc6ab1d2-9e18-6020-8526-4dcb84d67ee8@canonical.com>
Subject: [USN-4018-1] Samba vulnerabilities

--Uxn2wlTncjbNwIczA4KzqBY2lOMKHNByI
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4018-1
June 19, 2019

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04

Summary:

Samba could be made to crash if it received specially crafted network
traffic.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

It was discovered that Samba incorrectly handled certain RPC messages. A
remote attacker could possibly use this issue to cause Samba to crash,
resulting in a denial of service. (CVE-2019-12435)

It was discovered that Samba incorrectly handled LDAP pages searches. A
remote attacker could possibly use this issue to cause Samba to crash,
resulting in a denial of service. (CVE-2019-12436)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
samba 2:4.10.0+dfsg-0ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4018-1
CVE-2019-12435, CVE-2019-12436

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.10.0+dfsg-0ubuntu2.2

--Uxn2wlTncjbNwIczA4KzqBY2lOMKHNByI--

--7OeHr2kDXl6fNd0CfOm7bKNaJiiYNYB7I
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0KLuQACgkQZWnYVadE
vpMwphAApwd5urTScczUVLUKd2nMY5JHO6AT2kzuwLIyxbUrqxME/p+kxtti9HlP
5BSVwW0ezInReJVDhx5dwKPRYuq7/gnDV5GJsWihrsQNzoTYj4w1Fu2wJc6tf+cO
b8oTa1IeDRSkEnkpVxUooPW9VvcH0E4ukigamztFHLz74EVQWpWGstPlmcbmRbAU
TDyhfMSa8zq/d7qlUczm3y8UW1EAWHbpyzm5u86O/jWoOs5/ZYnkmRVdxicuROIB
U4Pc1WXT/4f17TVNl2ZRrL+PEWU50KXMWq3ICQoBOOLdrsbaLmCyXiw0tWdlFjpk
c2Oiz2de960zvSKE38GvY4+Zt+5gweK3aRam94mM56/hZGtXdx899AcMwuCeh49e
3Mp/Mh9Qd1v7AnV3lRzsgxeFLdAc2HhEjVdRoSlWk7C48ORCPuxrNRPOnufUtMwI
t6Z8UixZDbpe3IWVFs22GLv9ZjxJVYFx7h4wwPufq/3O27oZir89iKOus6+PaUAX
DwWTyjmI4Li6+qlYAd+DP1uUIpmnN1G+1JWljCoKZIrh2/SyHzBdPcMr1QMlmFB7
qoweckdAsvRY+R9eU6vmmNJAAQ948Rbz96VTSCUo15QghvShGVNnsOAGlw6qUEuF
J9vHxj8afCO4y7ytkbr77IggXsMEkItt0A1ot3jRJ7eyDkvVutc=
=uGgP
-----END PGP SIGNATURE-----

--7OeHr2kDXl6fNd0CfOm7bKNaJiiYNYB7I--

--===============8746429230372665145==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============8746429230372665145==--