USN-5993-1: Samba vulnerabilities
3 April 2023
Samba could be made to expose sensitive information over the network.
Releases
Packages
- samba - SMB/CIFS file, print, and login server for Unix
Details
Demi Marie Obenour discovered that the Samba LDAP server incorrectly
handled certain confidential attribute values. A remote authenticated
attacker could possibly use this issue to obtain certain sensitive
information. (CVE-2023-0614)
Andrew Bartlett discovered that the Samba AD DC admin tool incorrectly
sent passwords in cleartext. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2023-0922)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
Ubuntu 22.04
Ubuntu 20.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5992-1: python3-ldb, ldb, ldb-tools, python3-ldb-dev, libldb2, libldb-dev