Login
Newsletter
Werbung

Sicherheit: Denial of Service in Samba
Aktuelle Meldungen Distributionen
Name: Denial of Service in Samba
ID: USN-4454-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
Datum: Mo, 10. August 2020, 17:10
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14303
Applikationen: Samba

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5760773289569750719==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="o66H8FoVXlRedYVQyNaU63xIoYBrtPHtT"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--o66H8FoVXlRedYVQyNaU63xIoYBrtPHtT
Content-Type: multipart/mixed;
boundary="DDXNKeKV85EIBrpcvhN9td9OyPDvkEZM0"

--DDXNKeKV85EIBrpcvhN9td9OyPDvkEZM0
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4454-1
August 10, 2020

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Samba could be made to crash if it received specially crafted network
traffic.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Martin von Wittich and Wilko Meyer discovered that Samba incorrectly
handled certain empty UDP packets when being used as a AD DC NBT server. A
remote attacker could possibly use this issue to cause Samba to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
samba 2:4.11.6+dfsg-0ubuntu1.4

Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.18

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.29

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4454-1
CVE-2020-14303

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.11.6+dfsg-0ubuntu1.4
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.18
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.29


--DDXNKeKV85EIBrpcvhN9td9OyPDvkEZM0--

--o66H8FoVXlRedYVQyNaU63xIoYBrtPHtT
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8xYBcACgkQZWnYVadE
vpNkFw//ZdezOB5yuPvFbBXQ1D3qzxLsxcIczvAJjuJrhBnqCIRt3pyahJ85aL9O
FsD+vvYNJI/icjjicFD9THYxTnqyRU9o2QPQ78j48kLz67eyZGNDAxY4x6sIKtTe
/dbRGi8Bn9l5YDGpr1wotg1G+UEMh/Wfi69Pt77dG83vS1EM2vtrQvqnAR9IZbUF
NP9vdkNmr/LOkOKue1oYCa+5i7HwlIbvt01z7GXWpErpehlyLzB1c1i3MLfuFDTA
i5AXHMrb2p1yH7ocMrMC/y9V8zDf5lODX8CBziJsLQbO+peRTq/UOZd1m8BH6ITi
vMy5sBq8eAwao0JuM0tL1M3AFhEun/Z+eEW7auSNc2Ex/F06oXYcGXNelK3Z0ZX4
QuuGa+jhKq2bJj1knCskKGW4FS9HRm8k8/pYkuKcC1yemREvqtfplm8KpEV2dNlg
4AB0MyLE5ZhvSxePFSUky1GYTtulr+76/aTBCQHvYMvIUdEsesEuaF+H+HB5DDLG
Gief/gYycxWM1Zeteem3uLiNeuqqYXexv5rfPq/Dy+Z4ZkUFG2CoL4YgcQPx3Stp
EGK/vm5bg5XZ99cRnIvfkbDApD4keTFxXwmnDj4XavejSLD/DPkCanQmXGXfIJLs
kI7ZP10CRIQIerObTPtnpAS7PtXiIvp0FtIceWe8tevyPi6vx4g=
=ostt
-----END PGP SIGNATURE-----

--o66H8FoVXlRedYVQyNaU63xIoYBrtPHtT--


--===============5760773289569750719==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5760773289569750719==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung