Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Ubuntu 18.04 LTS USN-5174-1: Samba Updates for Multiple Security Issues

ubuntu
Calendar Grey December 6, 2021
Dist Ubuntu Esm H88
Addressing Samba vulnerabilities in Ubuntu 20.04 LTS, the security advisory USN-5190-1 outlines the necessary patches and their potential impact on system integrity.
Several security issues were fixed in Samba.

Summary

Several security issues were fixed in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client

connections. A remote attacker could possibly use this issue to downgrade

connections to plaintext authentication. (CVE-2016-2124)

Andrew Bartlett discovered that Samba incorrectly mapping domain users to

local users. An authenticated attacker could possibly use this issue to

become root on domain members. (CVE-2020-25717)

Andrew Bartlett discovered that Samba did not properly check sensitive

attributes. An authenticated attacker could possibly use this issue to

escalate privileges. (CVE-2020-25722)

Joseph Sutton discovered that Samba incorrectly handled certain TGS

requests. An authenticated attacker could possibly use this issue to cause

Samba to crash, resulting in a denial of service. (CVE-2021-3671)

The fix for CVE-2020-25717 results in possible...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  samba                           2:4.7.6+dfsg~ubuntu-0ubuntu2.26

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5174-1

CVE-2016-2124, CVE-2020-25717, CVE-2020-25722, CVE-2021-3671

Severity
critical
Lowest
Low
Medium
High
Critical

December 06, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.