You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa samba

Sigurnosni nedostatak programskog paketa samba

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3353-2
July 14, 2017

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Samba could allow unintended access to network services.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-3353-1 fixed a vulnerability in Heimdal. This update provides
the corresponding update for Samba.

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered
that Samba clients incorrectly trusted unauthenticated portions of
Kerberos tickets. A remote attacker could use this to impersonate
trusted network servers or perform other attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
samba-libs 2:4.5.8+dfsg-0ubuntu0.17.04.4

Ubuntu 16.10:
samba-libs 2:4.4.5+dfsg-2ubuntu5.8

Ubuntu 16.04 LTS:
samba-libs 2:4.3.11+dfsg-0ubuntu0.16.04.9

Ubuntu 14.04 LTS:
samba-libs 2:4.3.11+dfsg-0ubuntu0.14.04.10

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3353-2
https://www.ubuntu.com/usn/usn-3353-1
CVE-2017-11103

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.5.8+dfsg-0ubuntu0.17.04.4
https://launchpad.net/ubuntu/+source/samba/2:4.4.5+dfsg-2ubuntu5.8
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.9
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.10

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJZaR95AAoJEC8Jno0AXoH0RQkP/14eVt2idoWQlSdIr0lW6foi
nIWKVKmxFTeeP49EokyEcmg2qhVa66cdpE0W5BPkbCWBV3/9OdVuZ/sJqu19amx/
kt/iLbSCCwmOPMCNdqhhmEG3lNBAXpkvGvu51wxSnrBaMnTysxBEiJwRqTBDSO4y
JlI3cpyf2qXuSjGY606FonpGUtPXvy5Siin5hETMt1G7z/1Mo4HoMAqCKgOO2s5i
+v6WvUp1rzMe5ufrxG1GwXGVhnHW+G3L2UmzZZTDBH88JW2R6Ny7QisXQVceXfol
6y5MNpzJqmHDkUgdVuU4/SlbhgnRN/hy1HLMILS/4N9OR4R+FTHhBu43BtM+9GHJ
uv1Pb0XzeNPm3SClvyUFxF7SRqLSo5CEIbfY+eYFeZZt3+vWQuHKlCIPwu5TPMUM
svSiwsR77Rzg0TtUwZlJXJ6XW1+DHQSXm/NhvsJVqJgh+E2wJn1Bq71cnyyPvC7B
yEq35zyfyg0cGayiyKaUR01fQN8saJt2jWAmqzHBlapmNy2WY8WdMqEt5VSHr5Ab
CMKForZU5B667XpwvQGHTfPU98oTRRr7fIz3lgHdqi1Unf9BBrP3aA8URUIy7OZc
YM5Fdnpcb8RlDA09u8KSTuHBgApKOdsQYQAdacU4wBP2eE42mUbkdKiK/AKNBPLB
RjvA0Qb8YDXpn37q6efL
=1AOt
—–END PGP SIGNATURE—–

 

 

==========================================================================

Ubuntu Security Notice USN-3353-4

July 24, 2017

 

samba vulnerability

==========================================================================

 

A security issue affects these releases of Ubuntu and its derivatives:

 

– Ubuntu 12.04 ESM

 

Summary:

 

Samba could allow unintended access to network services.

 

Software Description:

– samba: SMB/CIFS file, print, and login server for Unix

 

Details:

 

USN-3353-1 fixed a vulnerability in Heimdal. This update provides the

corresponding update for Samba.

 

Original advisory details:

 

 Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered

 that Samba clients incorrectly trusted unauthenticated portions

 of Kerberos tickets. A remote attacker could use this to impersonate

 trusted network services or perform other attacks.

 

Update instructions:

 

The problem can be corrected by updating your system to the following

package versions:

 

Ubuntu 12.04 ESM:

  libsmbclient                    2:3.6.25-0ubuntu0.12.04.12

 

In general, a standard system update will make all the necessary

changes.

 

References:

  https://www.ubuntu.com/usn/usn-3353-4

  https://www.ubuntu.com/usn/usn-3353-1

  CVE-2017-11103

—–BEGIN PGP SIGNATURE—–

Version: GnuPG v2

 

iQIcBAABCAAGBQJZdjctAAoJEEW851uECx9pFgkP+QFEQrzK87Fsa3TT4A9lWOtG

e/df0b9KCMnKYCQ0UPIcHK40gptWZpCMBK3cBUcPCGDhjWOVfT7igfjT/S1qUMO2

OLfumn8a5+pbjM2QTRjYyt8Jz6axirovfI6qooURBH6NCrlomAZMS9RB3u+TMEUh

vuAAurDLEG+7qLjgIpRjDoBYkv//CCW4PYLmb4b5d6EIH6Dtj4mfGmFDR2Ckz+rG

u2nYr/0PVCXJreGBT2Xq2CpoU6IAGgwIRyUDn+HevhDKUlhYkTi9gg94B+oJKabG

SrcA0XexdX7qpCl3+ZqVgGO9/hFQxNwC1T0B9WtBmA9MEw8IBgGsJazrNVZs+bkF

JckAxferbopcf0Yf+M+gfHtTO/Dpy7V8Hb/2ekjrChJg6xRyYvbSQy9DH5sOFbOI

WXsGf/zYIvwpZfDLwd3KCP9lqOeWYbhCK/l5hIGx8Tz7aicqFYwlF4tI4bze9sUR

GFNPWDzC3cfqsYnXRoeGeQmR8PncgaNDxolpnzDsoGj2MbxOplFK1LPEdyi80rcT

1qX4FdeKIqv6g6ChEJEc1o+I8wbRjVNPxI5UEyV2Oc8WQ/qyyaF0uVQFqnkFcFZF

31DUywdHrd34m9WEN/cIq6lcdDFz23G2qW0t7STBB9J0uBMAWrU4LbUMJoQBIfVv

1HCwKj43lTFm6i4YOSAD

=BfSO

—–END PGP SIGNATURE—–

– 

 
AutorDanijel Kozinovic
Cert idNCERT-REF-2017-07-0102-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa heimdal

Otkriven je sigurnosni nedostatak u programskom paketu heimdal za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja...

Close