Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 4244-1 Moderate: Samba Security Issues and Fixes

ubuntu
Calendar Grey January 21, 2020
Dist Ubuntu Esm H88
Multiple Samba vulnerabilities resolved in Ubuntu versions 19.10, 19.04, 18.04 LTS, and 16.04 LTS updates are now accessible.
Several security issues were fixed in Samba.

Summary

Several security issues were fixed in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

It was discovered that Samba did not automatically replicate ACLs set to

inherit down a subtree on AD Directory, contrary to expectations. This

issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu

19.10. (CVE-2019-14902)

Robert Święcki discovered that Samba incorrectly handled certain character

conversions when the log level is set to 3 or above. In certain

environments, a remote attacker could possibly use this issue to cause

Samba to crash, resulting in a denial of service. (CVE-2019-14907)

Christian Naumer discovered that Samba incorrectly handled DNS zone

scavenging. This issue could possibly result in some incorrect data being

written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu

19.10. (CVE-2019-19344)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  samba                           2:4.10.7+dfsg-0ubuntu2.4

Ubuntu 19.04:
  samba                           2:4.10.0+dfsg-0ubuntu2.8

Ubuntu 18.04 LTS:
  samba                           2:4.7.6+dfsg~ubuntu-0ubuntu2.15

Ubuntu 16.04 LTS:
  samba                           2:4.3.11+dfsg-0ubuntu0.16.04.25

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4244-1

CVE-2019-14902, CVE-2019-14907, CVE-2019-19344

January 21, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here