You've probably already read the news about the discovery of a remote code execution bug in Samba, a free implementation of the Microsoft Windows file sharing protocol (formerly called SMB, recently renamed CIFS). The bug apparently existed in Samba for more than 7 years.
According to a bug report, it appears that Samba mishandled shared libraries, giving a remote attacker the ability to upload a shared library to a server and run code on affected computers. This security flaw affects all versions of Samba, starting with version 3.5.0.
“All versions of Samba starting from 3.5.0 are vulnerable to a remote code execution failure, which allows a malicious client to upload a shared library to a server, and then cause the server to load and run it,” they say in the security advisory posted yesterday.
Patched versions Samba 4.6.4, 4.5.10 and 4.4.14 are now available
The Samba team was able to quickly patch this critical vulnerability, which apparently affected thousands of UNIX computers running Samba, a service commonly used to share printers and files on local networks and to let users connect to shared Windows folders on the same network.
The patched versions Samba 4.6.4, 4.5.10 and 4.4.14 have therefore been released and are now available for download from the project's official website. Canonical has also patched Samba on all supported Ubuntu versions, while the other GNU/Linux distributions will receive the patch soon.
As of this writing, other popular distributions, such as Arch Linux, are still using unpatched versions of Samba, such as version 4.6.3 (in testing) or 4.5.8 (stable), but the packages have already been flagged as "out of date", so it is only a matter of time until new versions of Samba appear.
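The affected range and the fixed releases given above can be turned into a branch-aware version check for a host inventory. This is an added example, not code from the Samba project or from the original article; the host names and version strings are constructed, and treating branches newer than 4.6 as fixed is an assumption.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}
FIRST_AFFECTED = (3, 5, 0)  # "all versions of Samba starting from 3.5.0"

def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.5.8'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(text):
    """Classify an upstream Samba version against the article's data.

    Distribution packages can carry the fix without changing the upstream
    version number, so a 'vulnerable' result on a distro build still has
    to be confirmed against that distribution's own security notice.
    """
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return "not affected"
    branch = version[:2]
    if branch in FIXED:
        return "patched" if version[2] >= FIXED[branch] else "vulnerable"
    if branch > max(FIXED):
        # Assumption: branches released after 4.6 already contain the fix.
        return "patched"
    # Affected branch for which the article names no fixed release.
    return "vulnerable, no fixed release listed"

# Constructed inventory: host name -> output of `smbd --version`.
INVENTORY = {
    "files01": "Version 4.6.3",
    "files02": "Version 4.5.10",
    "print01": "Version 4.4.13",
    "legacy01": "Version 3.6.25",
    "old01": "Version 3.4.17",
}

def audit(inventory):
    """Return {host: status} for every host in the inventory."""
    return {host: classify(out) for host, out in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host:10} {INVENTORY[host]:16} {status}")
```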
Samba 4.5.10, I just updated it in Antergos. Saturday, May 27, 2017