GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Wed Mar 25, 2020 7:26 pm Post subject: [ GLSA 202003-52 ] Samba
Gentoo Linux Security Advisory
Title: Samba: Multiple vulnerabilities (GLSA 202003-52)
Severity: normal
Exploitable: remote
Date: 2020-03-25
Bug(s): #664316, #672140, #686036, #693558, #702928, #706144
ID: 202003-52
Synopsis
Multiple vulnerabilities have been found in Samba, the worst of
which could lead to remote code execution.
Background
Samba is a suite of SMB and CIFS client/server programs.
Affected Packages
Package: net-fs/samba
Vulnerable: < 4.11.6
Unaffected: >= 4.9.18 < 4.9.19
Unaffected: >= 4.10.13 < 4.10.14
Unaffected: >= 4.11.6 < 4.11.7
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code, cause a Denial
of Service condition, conduct a man-in-the-middle attack, or obtain
sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Samba 4.9.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-4.9.18"
All Samba 4.10.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-4.10.13"
All Samba 4.11.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-4.11.6"
References
CVE-2018-10858
CVE-2018-10918
CVE-2018-10919
CVE-2018-1139
CVE-2018-1140
CVE-2018-14629
CVE-2018-16841
CVE-2018-16851
CVE-2018-16852
CVE-2018-16853
CVE-2018-16857
CVE-2018-16860
CVE-2019-10197
CVE-2019-14861
CVE-2019-14870
CVE-2019-14902
CVE-2019-14907
CVE-2019-19344
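The version ranges under "Affected Packages" and the upgrade atoms under "Resolution" can be checked across an inventory of hosts. The following is an added example, not part of the advisory or of Gentoo's tooling; the function names, the host names and the sample versions are constructed for illustration, and it assumes version strings of the form X.Y.Z with an optional -rN revision.

```python
import re

# Ranges copied from the advisory's "Affected Packages" section.
# A version is stored as ((X, Y, Z), revision) so that 4.9.18-r1 sorts
# after 4.9.18 and before 4.9.19.
VULNERABLE_BELOW = ((4, 11, 6), 0)
UNAFFECTED = [
    (((4, 9, 18), 0), ((4, 9, 19), 0)),
    (((4, 10, 13), 0), ((4, 10, 14), 0)),
    (((4, 11, 6), 0), ((4, 11, 7), 0)),
]
# Upgrade atoms copied from the "Resolution" section, keyed by branch.
UPGRADE_ATOM = {
    (4, 9): ">=net-fs/samba-4.9.18",
    (4, 10): ">=net-fs/samba-4.10.13",
    (4, 11): ">=net-fs/samba-4.11.6",
}

def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.Z-rN' into ((X, Y, Z), N)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def assess(version_text):
    """Return (status, upgrade_atom) for one installed net-fs/samba version."""
    v = parse_version(version_text)
    # Inside a listed Unaffected range, or outside the "< 4.11.6" Vulnerable range.
    if any(lo <= v < hi for lo, hi in UNAFFECTED) or v >= VULNERABLE_BELOW:
        return "unaffected", None
    # The advisory gives upgrade commands only for 4.9.x, 4.10.x and 4.11.x;
    # other branches get no atom here rather than a guessed one.
    return "vulnerable", UPGRADE_ATOM.get(v[0][:2])

def audit(inventory):
    """Map host -> (version, status, atom) for a {host: version} inventory."""
    return {h: (ver, *assess(ver)) for h, ver in inventory.items()}

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE = {"fs1": "4.9.17", "fs2": "4.9.18-r1", "fs3": "4.10.12",
          "fs4": "4.11.6", "fs5": "4.8.12"}

if __name__ == "__main__":
    for host, (ver, status, atom) in sorted(audit(SAMPLE).items()):
        print(f"{host}: samba-{ver} {status}" + (f" -> emerge {atom!r}" if atom else ""))
```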