USN-3595-1: Samba vulnerabilities

Packages

samba - SMB/CIFS file, print, and login server for Unix

Details

Björn Baumbach discovered that Samba incorrectly validated permissions when
changing account passwords via LDAP. An authenticated attacker could use this
issue to change the password of other users, including administrators, and
perform actions as those users. (CVE-2018-1057)

It was discovered that Samba incorrectly validated inputs to the RPC spoolss
service. An authenticated attacker could use this issue to cause the service to
crash, resulting in a denial of service. (CVE-2018-1050)

Björn Baumbach discovered that Samba incorrectly validated permissions when
changing account passwords via LDAP. An authenticated attacker could use this
issue to change the password of other users, including administrators, and
perform actions as those users. (CVE-2018-1057)

It was discovered that Samba incorrectly validated inputs to the RPC spoolss
service. An authenticated attacker could use this issue to cause the service to
crash, resulting in a denial of service. (CVE-2018-1050)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
17.10 artful	samba – 2:4.6.7+dfsg-1ubuntu3.2
17.10 artful	samba-dsdb-modules – 2:4.6.7+dfsg-1ubuntu3.2
16.04 xenial	samba – 2:4.3.11+dfsg-0ubuntu0.16.04.13
16.04 xenial	samba-dsdb-modules – 2:4.3.11+dfsg-0ubuntu0.16.04.13
14.04 trusty	samba – 2:4.3.11+dfsg-0ubuntu0.14.04.14
14.04 trusty	samba-dsdb-modules – 2:4.3.11+dfsg-0ubuntu0.14.04.14

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

USN-3595-2

USN-3595-2

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices