Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 20.04 LTS: USN 5822-2 Moderate: Samba Regression Risk

ubuntu
Calendar Grey January 26, 2023
Dist Ubuntu Esm H88
Ubuntu 20.04 LTS apresentou problemas após o USN 5822-1, identifique a origem e faça a atualização do samba para corrigir falhas críticas.
USN 5822-1 introduced regressions on Ubuntu 20.04 LTS.

Summary

USN 5822-1 introduced regressions on Ubuntu 20.04 LTS.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS

introduced regressions in certain environments. Pending investigation of

these regressions, this update temporarily reverts the security fixes.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Samba incorrectly handled the bad password count

logic. A remote attacker could possibly use this issue to bypass bad

passwords lockouts. This issue was only addressed in Ubuntu 22.10.

(CVE-2021-20251)

Evgeny Legerov discovered that Samba incorrectly handled buffers in

certain GSSAPI routines of Heimdal. A remote attacker could possibly use

this issue to cause Samba to crash, resulting in a denial of service.

(CVE-2022-3437)

Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Ker...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   samba                           2:4.13.17~dfsg-0ubuntu1.20.04.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5822-2

https://ubuntu.com/security/notices/USN-5822-1

https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867, https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003891

January 26, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here