Sicherheit: Mehrere Probleme in Samba

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3291412450948127716==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="9YGS1UIUrVGWhzGNc2eVxtrgvWP40psAk"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--9YGS1UIUrVGWhzGNc2eVxtrgvWP40psAk
Content-Type: multipart/mixed;
boundary="cyJ2hnFzdZGIWAAD2LmojImil3DAfegXA";
protected-headers="v1"
From: Avital Ostromich <avital.ostromich@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <95cd9e9f-f35a-48bc-4809-744ad2922c8d@canonical.com>
Subject: [USN-4931-1] Samba vulnerabilities

--cyJ2hnFzdZGIWAAD2LmojImil3DAfegXA
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US

==========================================================================
Ubuntu Security Notice USN-4931-1
May 03, 2021

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Steven French discovered that Samba incorrectly handled ChangeNotify
permissions. A remote attacker could possibly use this issue to obtain file
name information. (CVE-2020-14318)

Bas Alberts discovered that Samba incorrectly handled certain winbind
requests. A remote attacker could possibly use this issue to cause winbind
to crash, resulting in a denial of service. (CVE-2020-14323)

Francis Brosnan BlÃ¡zquez discovered that Samba incorrectly handled certain
invalid DNS records. A remote attacker could possibly use this issue to
cause the DNS server to crash, resulting in a denial of service.
(CVE-2020-14383)

Peter Eriksson discovered that Samba incorrectly handled certain negative
idmap cache entries. This issue could result in certain users gaining
unauthorized access to files, contrary to expected behaviour.
(CVE-2021-20254)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4931-1
CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2021-20254

--cyJ2hnFzdZGIWAAD2LmojImil3DAfegXA--

--9YGS1UIUrVGWhzGNc2eVxtrgvWP40psAk
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEElnO/d49FoUPK9fwytGdj0GOh2+wFAmCQZnwFAwAAAAAACgkQtGdj0GOh2+yz
SggAqlPH/Ps4IMK3/qrjjRaQG+n47T1BDMVeVkQbt0UZ2rijjlZRnEqcFD/vMKfyuWoHAGJhtsCW
qmi/UmEnh+EcYimQ7kzJNDZtLlCub4ZRRYVMTN+qek/+HHGQQg3YcdY0YVBKqM9QJ62pe9daOUva
Nzv8sGbo2eaie+qm+eNWUsdDZl5dogKWm1gD23vz0dtpMO/TWiZBiUc9uoadOH88V897eALdehTJ
mw/GDjVaWtu8vptExJrHukGz2gjyEZ7VhsFapzINkb+qGESGcl0oyn0UJknqMplDTnjtggrsoU9x
bmlEMsE6TPEGH4N4AsIaTY3vcrPRi6JldMOQo6AAxg==
=1GCr
-----END PGP SIGNATURE-----

--9YGS1UIUrVGWhzGNc2eVxtrgvWP40psAk--

--===============3291412450948127716==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============3291412450948127716==--