Samba Exploits Fixed in All Ubuntu Supported OSes

Users have been advised to upgrade their systems as soon as possible

By on June 26th, 2014 18:57 GMT

Canonical has announced that a Samba vulnerability in its Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems has been found and fixed.

The company has just released a new update for Samba and a number of exploits have been closed.

“Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS,” reads the security notice.

Also, “It was discovered that the Samba internal DNS server incorrectly handled QR fields when processing incoming DNS messages. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service.”

These are just a couple of the vulnerabilities identified by the developer, and for a more detailed description of the problems you can see Canonical's security notification.

The flaws can be fixed if you upgrade your system(s) to the latest samba packages specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes, and users won't have to restart the PC or laptop in order to apply the patch.

Comments