You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa samba

Sigurnosni nedostaci programskog paketa samba

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4341-1
April 28, 2020

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

Andrei Popa discovered that Samba incorrectly handled certain LDAP queries.
A remote attacker could use this issue to cause Samba to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700)

It was discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could possibly use this issue to cause Samba to consume
resources, resulting in a denial of service. (CVE-2020-10704)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
samba 2:4.11.6+dfsg-0ubuntu1.1

Ubuntu 19.10:
samba 2:4.10.7+dfsg-0ubuntu2.5

Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.16

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.26

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4341-1
CVE-2020-10700, CVE-2020-10704

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.11.6+dfsg-0ubuntu1.1
https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.5
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.16
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.26

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6odisACgkQZWnYVadE
vpPwUQ/8DpqeDswlLGXwTEAOY8qozDcJ17gPbLHIvzeW0auNFLt/UEdw46HlgFha
4cliVIklOmmcuS+jfCqZYWM/sFNIo3yR7MlF3bSZihwUA9ukvQQU0HVXZJ9M5xX2
r59PyFlOpg1zPGhUXlelSXkFNogHt0jBq/F/a9mwaNHTHrkcGIyYneSdE+MU50D5
8VPs/dv1M9e9XPai5M5uAf/mRIvzvPtBjEeKVV917bY3LfNyjEv72D2/T3siZIYt
SEfwTk8BbA43oDsT0ei4LGEx6BbdRTEq7xj8uCFMryueEGcR/v1IRPhA2CdcZyWf
umHj4XBiXZ41fCktEYgRc6v5/uebT2MmeIUaALA4WxZ9iHPuKxNBaReZ5OkBCpq3
L6A5Soqx6LwIXKrTX4l03ozGrWfbQUI7y6DPXq6g72MtfWl19nPENAX5wFsSSlmb
fbMv7QZ3z5rsE3XPB+I1TIaFbK/RMvZpp5Asx0lboiekvTmNu1EEYmlqXbQ0Tl2k
WHEcXQ7j5XrWtcTAaLsPh23iIioj872zl1IifU825MzKbGEEJWC5Oov67fuLaJII
T29rHCzrsUqRhrKrQVfTfgDDdi5WuRRGoKUVbxMJJqSjGiXol3Ddc924nyQpjPC1
WOl3vPR5elYVlrtwgVd3QZJeoD8E+EIEVocruTzOVD0hyNVDHVs=
=6H0x
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2020-04-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa gcc

Otkriven je sigurnosni nedostatak u programskom paketu gcc za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje zaobilaženje sigurnosnih...

Close