Alert GCSA-23093 - Security update for Samba server
******************************************************************
alert ID: GCSA-23093
date: 01 August 2023
title: Security update for Samba server
******************************************************************
:: Problem description
The Samba team has released new versions of the Samba server
(SMB/CIFS file, print, and login server for Unix)
that fix several vulnerabilities present
in various versions of the software.
More information is available in the "References" section.
:: Affected software
Samba file server versions prior to 4.18.5
Samba file server versions prior to 4.17.10
Samba file server versions prior to 4.16.11
:: Impact
Security Feature Bypass (SFB)
Access to confidential data (ID)
Data Manipulation (Tampering)
Denial of Service (DoS)
Elevation of privileges (EoP)
:: Solutions
Apply the following patches
https://www.samba.org/samba/history/security.html
or upgrade to the latest versions
https://www.samba.org/samba/history/samba-4.18.5.html
https://www.samba.org/samba/history/samba-4.17.10.html
https://www.samba.org/samba/history/samba-4.16.11.html
https://www.samba.org/samba/download/
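To check a host against the fixed releases listed above, the following added example (not part of the GARR CERT alert or of Samba; the function names are hypothetical) classifies an upstream version string such as the output of `smbd --version`. It compares upstream version numbers only: distributions, including those covered by the Red Hat and SUSE advisories referenced below, may ship the fixes under an older version number, so an "affected" result should be confirmed against the vendor's package advisory.

```shell
#!/bin/sh
# Added example: classify a Samba version against the fixed releases in
# alert GCSA-23093 (4.18.5, 4.17.10, 4.16.11). Function names are hypothetical.
# samba_status prints one of: affected | not-affected | unknown
samba_status() {
    # Keep the first x.y.z, dropping "Version " and vendor suffixes (-Debian, rc1)
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Anything outside the 4.x series: older is "prior to" the fixed releases
    if [ "$major" -gt 4 ]; then echo not-affected; return 0; fi
    if [ "$major" -lt 4 ]; then echo affected; return 0; fi
    # Each maintained branch has its own minimum fixed patch level
    case "$minor" in
        18) min=5 ;;
        17) min=10 ;;
        16) min=11 ;;
        *)  # Branches older than 4.16 received no fixed release in this alert
            if [ "$minor" -gt 18 ]; then echo not-affected; else echo affected; fi
            return 0 ;;
    esac
    if [ "$patch" -ge "$min" ]; then echo not-affected; else echo affected; fi
}

# Check the locally installed server, if any (smbd --version prints "Version x.y.z")
check_local_samba() {
    command -v smbd >/dev/null 2>&1 || { echo unknown; return 0; }
    samba_status "$(smbd --version)"
}

# Constructed sample inputs, not taken from real hosts
for sample in "Version 4.17.9-Debian" "Version 4.18.5" "4.15.13" "4.16.11"; do
    printf '%-24s %s\n' "$sample" "$(samba_status "$sample")"
done
```
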
:: References
Samba Announcement
https://www.samba.org/samba/security/CVE-2022-2127.html
https://www.samba.org/samba/security/CVE-2023-3347.html
https://www.samba.org/samba/security/CVE-2023-34966.html
https://www.samba.org/samba/security/CVE-2023-34967.html
https://www.samba.org/samba/security/CVE-2023-34968.html
Mitre's CVE ID
https://www.cve.org/CVERecord?id=CVE-2022-2127
https://www.cve.org/CVERecord?id=CVE-2023-3347
https://www.cve.org/CVERecord?id=CVE-2023-34966
https://www.cve.org/CVERecord?id=CVE-2023-34967
https://www.cve.org/CVERecord?id=CVE-2023-34968
Red Hat Security Advisory
https://access.redhat.com/errata/RHSA-2023:4325
https://access.redhat.com/errata/RHSA-2023:4328
SUSE
https://www.suse.com/support/update/announcement/2023/suse-su-20233017-1
https://www.suse.com/support/update/announcement/2023/suse-su-20233066-1
https://www.suse.com/support/update/announcement/2023/suse-su-20233060-1
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert