Ubuntu Security Notice 4217-2 - USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Various other issues were also addressed.
6db26f2e489f1384d2f218d9e2544521385fb447c71f37e016d74825ac3f8bbb=========================================================================
Ubuntu Security Notice USN-4217-2
December 11, 2019
samba vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-4217-1 fixed several vulnerabilities in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Andreas Oster discovered that the Samba DNS management server incorrectly
handled certain records. An authenticated attacker could possibly use this
issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)
Isaac Boukris discovered that Samba did not enforce the Kerberos
DelegationNotAllowed feature restriction, contrary to expectations.
(CVE-2019-14870)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
libsmbclient 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4217-2
https://usn.ubuntu.com/4217-1
CVE-2019-14861, CVE-2019-14870
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed