Alert GCSA-21125 - Security update for Samba server

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

******************************************************************

alert ID: GCSA-21125
date: 12 November 2021
title: Security update for Samba server

******************************************************************

:: Problem description

The Samba team has released new versions of the Samba server
(SMB/CIFS file, print, and login server for Unix)
that fix vulnerabilities present in
several versions of the software.

More information is available in the "References" section.


:: Affected software

Samba file server versions 3.0 and later


:: Impact

Denial of Service (DoS)
Elevation of Privilege (EoP)
Security Feature Bypass (SFB)
Unauthorised Access
Provide Misleading Information (Spoofing)


:: Solutions

Apply the following patches

https://www.samba.org/samba/history/security.html

or upgrade to the latest versions

https://www.samba.org/samba/history/samba-4.13.14.html
https://www.samba.org/samba/history/samba-4.14.10.html
https://www.samba.org/samba/history/samba-4.15.2.html


:: References

Samba Announcement
https://www.samba.org/samba/security/CVE-2016-2124
https://www.samba.org/samba/security/CVE-2020-25717
https://www.samba.org/samba/security/CVE-2020-25718
https://www.samba.org/samba/security/CVE-2020-25719
https://www.samba.org/samba/security/CVE-2020-25721
https://www.samba.org/samba/security/CVE-2020-25722
https://www.samba.org/samba/security/CVE-2021-3738
https://www.samba.org/samba/security/CVE-2021-23192

Debian Security Announce
https://lists.debian.org/debian-security-announce/2021/msg00188.html
https://www.debian.org/security/2021/dsa-5003

Ubuntu Security Notice
https://ubuntu.com/security/notices/USN-5142-1

SUSE security advisories
https://www.suse.com/support/update/announcement/2021/suse-su-20213650-1
https://www.suse.com/support/update/announcement/2021/suse-su-20213649-1

Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYY57jgAKCRDBnEyTZRJg
QihuAJ4zSBJLJHlBQQhlL8SOEwVAnX4fOwCeMhrJv6v2lhYypTfb/0ezKnGzzhg=
=lPPi
-----END PGP SIGNATURE-----