Samba: Multiple vulnerabilities — GLSA 202003-52

Multiple vulnerabilities have been found in Samba, the worst of which could lead to remote code execution.

Affected packages

net-fs/samba on all architectures
Affected versions < 4.11.6
Unaffected versions revision >= 4.9.18
revision >= 4.10.13
revision >= 4.11.6

Background

Samba is a suite of SMB and CIFS client/server programs.

Description

Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Samba 4.9.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/samba-4.9.18"
 

All Samba 4.10.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/samba-4.10.13"
 

All Samba 4.11.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/samba-4.11.6"
 

References

Release date
March 25, 2020

Latest revision
March 25, 2020: 1

Severity
normal

Exploitable
remote

Bugzilla entries