1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • Samba vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, August 10, 2020 12:10:06
    samba vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Samba could be made to crash if it received specially crafted
    network traffic.

    Software Description

    * samba - SMB/CIFS file, print, and login server for Unix

    Details

    Martin von Wittich and Wilko Meyer discovered that Samba
    incorrectly handled certain empty UDP packets when being used as a
    AD DC NBT server. A remote attacker could possibly use this issue
    to cause Samba to crash, resulting in a denial of service.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    samba - 2:4.11.6+dfsg-0ubuntu1.4

    Ubuntu 18.04 LTS
    samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18

    Ubuntu 16.04 LTS
    samba - 2:4.3.11+dfsg-0ubuntu0.16.04.29

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-14303

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, August 10, 2020 16:10:04
    samba vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Samba could be made to crash if it received specially crafted
    network traffic.

    Software Description

    * samba - SMB/CIFS file, print, and login server for Unix

    Details

    USN-4454-1 fixed a vulnerability in Samba. This update provides
    the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04
    ESM.

    Original advisory details:

    Martin von Wittich and Wilko Meyer discovered that Samba
    incorrectly handled certain empty UDP packets when being used as a
    AD DC NBT server. A remote attacker could possibly use this issue
    to cause Samba to crash, resulting in a denial of service.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8

    Ubuntu 12.04 ESM
    samba - 2:3.6.25-0ubuntu0.12.04.21

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4454-1
    * CVE-2020-14303

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, September 17, 2020 12:10:03
    samba vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Samba would allow unintended access to files over the network.

    Software Description

    * samba - SMB/CIFS file, print, and login server for Unix

    Details

    USN-4510-1 fixed a vulnerability in Samba. This update provides
    the corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    Tom Tervoort discovered that the Netlogon protocol implemented by
    Samba incorrectly handled the authentication scheme. A remote
    attacker could use this issue to forge an authentication token and
    steal the credentials of the domain admin.

    This update fixes the issue by changing the "server schannel"
    setting to default to "yes", instead of "auto", which will force a
    secure netlogon channel. This may result in compatibility issues
    with older devices. A future update may allow a finer-grained
    control over this setting.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4510-1
    * CVE-2020-1472

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, September 17, 2020 12:10:03
    samba vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Samba would allow unintended access to files over the network.

    Software Description

    * samba - SMB/CIFS file, print, and login server for Unix

    Details

    Tom Tervoort discovered that the Netlogon protocol implemented by
    Samba incorrectly handled the authentication scheme. A remote
    attacker could use this issue to forge an authentication token and
    steal the credentials of the domain admin.

    This update fixes the issue by changing the "server schannel"
    setting to default to "yes", instead of "auto", which will force a
    secure netlogon channel. This may result in compatibility issues
    with older devices. A future update may allow a finer-grained
    control over this setting.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 18.04 LTS
    samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19

    Ubuntu 16.04 LTS
    samba - 2:4.3.11+dfsg-0ubuntu0.16.04.30

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-1472

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)