[USN-4559-1] Samba update

Marc Deslauriers marc.deslauriers at canonical.com
Wed Sep 30 14:27:20 UTC 2020

Ubuntu Security Notice USN-4559-1
September 30, 2020

samba update

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS


Several security improvements were added to Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix


Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the credentials of
the domain admin.

While a previous security update fixed the issue by changing the "server
schannel" setting to default to "yes", instead of "auto", which forced a
secure netlogon channel, this update provides additional improvements.

For compatibility reasons with older devices, Samba now allows specifying
an insecure netlogon configuration per machine. See the following link for
examples: https://www.samba.org/samba/security/CVE-2020-1472.html

In addition, this update adds additional server checks for the protocol
attack in the client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results when
running the proof-of-concept exploit.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  samba                           2:4.11.6+dfsg-0ubuntu1.5

Ubuntu 18.04 LTS:
  samba                           2:4.7.6+dfsg~ubuntu-0ubuntu2.20

Ubuntu 16.04 LTS:
  samba                           2:4.3.11+dfsg-0ubuntu0.16.04.31

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20200930/9fa3b671/attachment.sig>

More information about the ubuntu-security-announce mailing list