Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Ubuntu 16.04 LTS: USN-2732-1 Major OpenSSH Authentication Bypass

ubuntu
Calendar Grey January 22, 2015
Dist Ubuntu Esm H88
CIFS vulnerability poses risks for Debian users; mitigate by installing patches for CIFS modules in designated releases.
A security issue was fixed in Samba.

Summary

A security issue was fixed in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

Andrew Bartlett discovered that Samba incorrectly handled delegation of

authority when being used as an Active Directory Domain Controller. An

attacker given delegation privileges could use this issue to escalate their

privileges further.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  samba                           2:4.1.11+dfsg-1ubuntu2.1

Ubuntu 14.04 LTS:
  samba                           2:4.1.6+dfsg-1ubuntu2.14.04.4

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8143

Severity
important
Lowest
Low
Medium
High
Critical

January 22, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.