Samba: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4015
                     USN-4167-2: Samba vulnerabilities
                              30 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Samba
Publisher:         Ubuntu
Operating System:  Ubuntu
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service              -- Existing Account            
                   Provide Misleading Information -- Remote with User Interaction
                   Access Confidential Data       -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-14847 CVE-2019-14833 CVE-2019-10218

Original Bulletin: 
   https://usn.ubuntu.com/4167-2/
   https://usn.ubuntu.com/4167-1/

Comment: This bulletin contains two (2) Ubuntu security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4167-2: Samba vulnerabilities
29 October 2019

samba vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 14.04 ESM
  o Ubuntu 12.04 ESM

Summary

Several security issues were fixed in Samba.

Software Description

  o samba - SMB/CIFS file, print, and login server for Unix

Details

USN-4167-1 fixed several vulnerabilities in Samba. This update provides the
corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Michael Hanselmann discovered that the Samba client code incorrectly handled
path separators. If a user were tricked into connecting to a malicious server,
a remote attacker could use this issue to cause the client to access local
pathnames instead of network pathnames. (CVE-2019-10218)

Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A
remote attacker with "get changes" permissions could possibly use this issue to
cause Samba to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 ESM. (CVE-2019-14847)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 14.04 ESM
    libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3
    samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3
Ubuntu 12.04 ESM
    libsmbclient - 2:3.6.25-0ubuntu0.12.04.19
    samba - 2:3.6.25-0ubuntu0.12.04.19

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

In general, a standard system update will make all the necessary changes.

References

  o USN-4167-1
  o CVE-2019-10218
  o CVE-2019-14847

- ---

USN-4167-1: Samba vulnerabilities
29 October 2019

samba vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 19.10
  o Ubuntu 19.04
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Samba.

Software Description

  o samba - SMB/CIFS file, print, and login server for Unix

Details

Michael Hanselmann discovered that the Samba client code incorrectly handled
path separators. If a user were tricked into connecting to a malicious server,
a remote attacker could use this issue to cause the client to access local
pathnames instead of network pathnames. (CVE-2019-10218)

Simon Fonteneau and BjArn Baumbach discovered that Samba incorrectly handled
the check password script. This issue could possibly bypass custom password
complexity checks, contrary to expectations. This issue only affected Ubuntu
18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833)

Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A
remote attacker with "get changes" permissions could possibly use this issue to
cause Samba to crash, resulting in a denial of service. (CVE-2019-14847)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 19.10
    libsmbclient - 2:4.10.7+dfsg-0ubuntu2.2
    samba - 2:4.10.7+dfsg-0ubuntu2.2
Ubuntu 19.04
    libsmbclient - 2:4.10.0+dfsg-0ubuntu2.6
    samba - 2:4.10.0+dfsg-0ubuntu2.6
Ubuntu 18.04 LTS
    libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13
    samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13
Ubuntu 16.04 LTS
    libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.23
    samba - 2:4.3.11+dfsg-0ubuntu0.16.04.23

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

In general, a standard system update will make all the necessary changes.

References

  o CVE-2019-10218
  o CVE-2019-14833
  o CVE-2019-14847

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXbkHi2aOgq3Tt24GAQiSVhAAzwTpugRsYL2cjbN8RAC4FQ2ossF+TBjY
JDmEkJcqOusVbPqakj9GKQvnzP2izjDplyNgGpymF4mbISHiTMzutgHprAE/3mba
Wo7qw0WcGsmaI0YlEFDlIzrUXLa5DxRcs7oeOvAW0ELs/ewPPQFbsWsbYlglK+4p
gA8tJ4A7F01adE0CjCNr8ksriMqJST0CfxF/8qloKi6C8UZHe7gwVEqs1ZHawHXB
TU0sheL+jw5dhFaRfWk+7u8mYmQM9mH3MSODNNZC/QbAUg+sT6MwNSJPf54I4RGu
73SMMvUvVfL+HcvUpXsfyP0rUkh4PpPa0c6gTo3GEpfZKKxcq7D9fyH+ozKkkIU2
IDyWuTkRdBcWCQzFek1avrabaWDmyD+YZUk0w+XFXvT4uVHLFQrp1UqY9X2j/GMz
//0eeaDm7gKLfSZ4FNAeQKepnNGe/VxRqAIcBufA2gJNjEwmlbropkE5gg45Gla5
mlq98tmDk7L30/+UfHyPhB3Im/1EF22OCm6VWsxIQMGzeIC8IEPUzKyawWuR68KD
/ktRXuq04nea4iIjIjGWKlLjjxyFyVpmvtzcB07c9rf6P7KBqfp2I3zUgEc6I+qf
NF4wfsRHV09h+FqvxwsmwnKkKLcdwCO/du8FPg99pI70wKp5o+du7iVbQfL6Ly09
OdmUCNhh9A4=
=qUbE
-----END PGP SIGNATURE-----