Alert GCSA-22137 - Security update for Samba server


******************************************************************

Alert ID: GCSA-22137
date: 19 December 2022
title: Security update for Samba server

******************************************************************

:: Problem description

The Samba team has released new versions of the Samba server
(SMB/CIFS file, print, and login server for Unix)
that fix several vulnerabilities present
in various versions of the software.

More information is available in the "References" section.


:: Affected software

Samba file server versions prior to 4.17.4
Samba file server versions prior to 4.16.8
Samba file server versions prior to 4.15.13
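
The following shell functions are an added example, not part of the original alert: they compare a Samba version string (such as the output of `smbd --version`) with the fixed releases listed above. The per-branch reading of the three thresholds and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare a Samba version with the fixed releases named in
# this alert (4.17.4, 4.16.8, 4.15.13).
# Assumption: each threshold applies to its own release branch; anything
# older than the 4.15 branch is treated as affected, anything newer than
# the 4.17 branch as outside the scope of this alert.

# samba_is_affected VERSION
# Exit status: 0 = affected, 1 = not affected, 2 = version not parsable.
samba_is_affected() {
    # Keep only the leading MAJOR.MINOR.PATCH, dropping any prefix such as
    # "Version " and any distribution suffix such as "-Ubuntu".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    if [ "$major" -lt 4 ]; then return 0; fi
    if [ "$major" -gt 4 ]; then return 1; fi
    case "$minor" in
        17) fixed=4 ;;
        16) fixed=8 ;;
        15) fixed=13 ;;
        *)  if [ "$minor" -lt 15 ]; then return 0; else return 1; fi ;;
    esac
    [ "$patch" -lt "$fixed" ]
}

# check_local_samba: report on the smbd binary found in PATH, if any.
check_local_samba() {
    command -v smbd >/dev/null 2>&1 || { echo "smbd not found"; return 2; }
    installed=$(smbd --version)
    rc=0
    samba_is_affected "$installed" || rc=$?
    case "$rc" in
        0) echo "AFFECTED: $installed" ;;
        1) echo "not affected by version number: $installed" ;;
        *) echo "could not parse version: $installed" ;;
    esac
    return "$rc"
}
```

Distribution packages may carry backported fixes without changing the upstream version number, so an "AFFECTED" result should be confirmed against the package changelog.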


:: Impact

Security feature bypass (SFB)
Elevation of privilege (EoP)


:: Solutions

Apply the following patches

https://www.samba.org/samba/history/security.html

or update to the latest versions

https://www.samba.org/samba/history/samba-4.17.4.html
https://www.samba.org/samba/history/samba-4.16.8.html
https://www.samba.org/samba/history/samba-4.15.13.html
https://www.samba.org/samba/download/


:: References

Samba Announcement
https://www.samba.org/samba/security/CVE-2022-45141.html
https://www.samba.org/samba/security/CVE-2022-37967.html
https://www.samba.org/samba/security/CVE-2022-37966.html
https://www.samba.org/samba/security/CVE-2022-38023.html

Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45141


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert