1. Ubuntu Security Notices
  2. USN-4167-2

USN-4167-2: Samba vulnerabilities

Publication date

29 October 2019

Overview

Several security issues were fixed in Samba.

Releases

Packages

  • samba - SMB/CIFS file, print, and login server for Unix

Details

USN-4167-1 fixed several vulnerabilities in Samba. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Michael Hanselmann discovered that the Samba client code incorrectly
handled path separators. If a user were tricked into connecting to a
malicious server, a remote attacker could use this issue to cause the
client to access local pathnames instead of network pathnames.
(CVE-2019-10218)

Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control.
A remote attacker with "get changes" permissions could possibly use this
issue to cause Samba to crash, resulting in a denial of service. This issue
only affected Ubuntu 14.04 ESM. (CVE-2019-14847)

USN-4167-1 fixed several vulnerabilities in Samba. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Michael Hanselmann discovered that the Samba client code incorrectly
handled path separators. If a user were tricked into connecting to a
malicious server, a remote attacker could use this issue to cause the
client to access local pathnames instead of network pathnames.
(CVE-2019-10218)

Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control.
A remote attacker with "get changes" permissions could possibly use this
issue to cause Samba to crash, resulting in a denial of service. This issue
only affected Ubuntu 14.04 ESM. (CVE-2019-14847)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
14.04 trusty samba –  2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3
libsmbclient –  2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3
12.04 precise samba –  2:3.6.25-0ubuntu0.12.04.19
libsmbclient –  2:3.6.25-0ubuntu0.12.04.19

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›