Ubuntu 18.04 LTS USN-7582-1 critical: Samba denial of service escalation

June 19, 2025
Updates fix several Samba vulnerabilities across different Ubuntu releases, reducing the risk of denial of service and privilege escalation.

Summary

Several security issues were fixed in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2022-3437)

Greg Hudson discovered that Samba incorrectly handled PAC parsing. On 32-bit systems, a remote attacker could use this issue to escalate privileges, or possibly execute arbitrary code. (CVE-2022-42898)

Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets. A remote attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-45141)

Florent Saudel discovered that Samba incorrectly handled certain Spotlight requests. A remote attacker could possibly use this issue to cause Samba to consume resources, leading...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  samba                           2:4.7.6+dfsg~ubuntu-0ubuntu2.29+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  samba                           2:4.3.11+dfsg-0ubuntu0.16.04.34+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  samba                           2:4.3.11+dfsg-0ubuntu0.14.04.20+esm13
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
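
To confirm that a host is at or past the fixed version, the installed version string (for example from `dpkg-query -W -f='${Version}' samba`) has to be compared using Debian version ordering, because a plain string comparison ranks `esm9` above `esm13`. The following is an added example, not part of the Ubuntu notice; the function names are illustrative and the installed versions used to exercise it are constructed.

```python
# Added example: Debian-style version comparison against the fixed
# samba versions listed in this notice. Function names are illustrative.
FIXED = {
    "18.04": "2:4.7.6+dfsg~ubuntu-0ubuntu2.29+esm1",
    "16.04": "2:4.3.11+dfsg-0ubuntu0.16.04.34+esm2",
    "14.04": "2:4.3.11+dfsg-0ubuntu0.14.04.20+esm13",
}

def char_order(ch):
    # '~' sorts before end-of-string, letters before other punctuation.
    if ch == "~":
        return -1
    if ch == "" or ch.isdigit():
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def cmp_part(a, b):
    # Alternate between non-digit runs (char_order) and digit runs (numeric).
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ca = char_order(a[i] if i < len(a) else "")
            cb = char_order(b[j] if j < len(b) else "")
            if ca != cb:
                return -1 if ca < cb else 1
            i, j = i + 1, j + 1
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def split_version(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':',
    # revision starts after the last '-'.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def compare(a, b):
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return cmp_part(ua, ub) or cmp_part(ra, rb)

def is_patched(release, installed):
    # True when the installed samba version is at or past the fixed one.
    return compare(installed, FIXED[release]) >= 0
```

On a system with dpkg, `dpkg --compare-versions "$installed" ge "$fixed"` performs the same comparison.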

References

https://ubuntu.com/security/notices/USN-7582-1

CVE-2022-3437, CVE-2022-42898, CVE-2022-45141, CVE-2023-34966

Severity
critical

Ubuntu Security Notice USN-7582-1
