Severe Samba vulnerability is patched in all Ubuntu versions


You have probably already read the news about the discovery of a remote code execution bug in Samba, a free implementation of the Microsoft Windows file sharing protocol (formerly called SMB, recently renamed CIFS). The bug apparently existed in Samba for more than 7 years.

According to a bug report, Samba mishandled shared libraries, giving a remote attacker the ability to upload a library to a server in order to run code remotely on affected computers. This security flaw affects all versions of Samba starting with version 3.5.0.

“All versions of Samba starting from 3.5.0 are vulnerable to a remote code execution failure, which allows a malicious client to upload a shared library to a server, and then cause the server to load and run it,” they say in the security advisory posted yesterday.

Patched versions Samba 4.6.4, 4.5.10 and 4.4.14 are now available

The Samba team was able to quickly patch this critical vulnerability, which apparently affected thousands of UNIX computers running Samba, a service commonly used to share printers and files on local networks and to let users connect to shared Windows folders on the same network.

As a result, the patched versions Samba 4.6.4, 4.5.10 and 4.4.14 have been released and are now available for download from the project's official website. Canonical has also patched Samba on all supported Ubuntu versions, while the other GNU/Linux distributions will receive the patch soon.

As of this writing, other popular distributions, such as Arch Linux, are still using unpatched versions of Samba, such as version 4.6.3 (in testing) or 4.5.8 (stable), but the packages have already been tagged as "expired", so it is a matter of time until new versions of Samba appear.
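
To check a host against the version ranges given above, this added example (not code from the original article or from the Samba project) classifies the version string printed by `smbd --version`. The function name, result labels and sample strings are constructed for illustration, and it assumes that branches newer than 4.6 carry the fix. Builds with a distribution suffix are reported as `check-distro`, because vendors such as Canonical patch their packages without moving to an upstream fixed version number.

```python
import re

# Fixed upstream releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}
FIRST_AFFECTED = (3, 5, 0)  # "all versions of Samba starting from 3.5.0"


def classify(version_text):
    """Return 'not-affected', 'patched', 'affected' or 'check-distro'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(\S*)", version_text)
    if not m:
        raise ValueError("no Samba version found in %r" % version_text)
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)  # e.g. "-Ubuntu" or "+dfsg-..." on distribution builds

    if (major, minor, patch) < FIRST_AFFECTED:
        return "not-affected"

    branch = (major, minor)
    if branch in FIXED:
        fixed = patch >= FIXED[branch]
    else:
        # Assumption: branches newer than 4.6 include the fix. Branches from
        # 3.5 up to 4.3 have no patched release named in the article.
        fixed = branch > max(FIXED)

    if fixed:
        return "patched"
    # A distribution may have backported the patch without changing the
    # upstream version number, so the version string alone cannot decide.
    return "check-distro" if suffix else "affected"


# Constructed sample inputs in the style of `smbd --version` output.
SAMPLES = [
    "Version 4.6.3",
    "Version 4.5.8",
    "Version 4.5.10",
    "Version 4.3.11-Ubuntu",
    "Version 3.4.17",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("%-24s %s" % (line, classify(line)))
```

A `check-distro` result means the package changelog or the vendor's security notice has to be consulted to confirm that the fix was applied.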



  1.   fedu said

    samba 4.5.10 I just updated it in antergos Saturday, May 27, 2017