- Gentoo Linux Security Advisory 202402-28
- Authored by Gentoo | Site security.gentoo.org
Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions less than 4.18.9 are affected.
- systems | linux, gentoo
- advisories | CVE-2018-14628, CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968, CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669, CVE-2023-42670
- SHA-256 | c1b77ea663583d7b2f9d45426761c56ddbb0b4ac671059fc79dbe605a5da5b12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Samba: Multiple Vulnerabilities
Date: February 19, 2024
Bugs: #891267, #910606, #915556
ID: 202402-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in Samba, the worst of
which can lead to remote code execution.
Background
==========
Samba is a suite of SMB and CIFS client/server programs.
Affected packages
=================
Package       Vulnerable    Unaffected
------------  ------------  ------------
net-fs/samba  < 4.18.9      >= 4.18.9
Description
===========
Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Samba users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.9"
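To see which hosts still need the upgrade above, the following added example (not part of the Gentoo advisory) classifies Samba version strings against the 4.18.9 threshold from the Affected packages table. The host names and inventory lines are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: classify net-fs/samba versions against GLSA 202402-28
# (vulnerable: < 4.18.9, unaffected: >= 4.18.9, per the advisory table).
FIXED="4.18.9"

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        x=${x:-0} y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# glsa_status VERSION: print vulnerable, unaffected or unknown.
# Accepts "4.18.8", "4.18.8-r1", "net-fs/samba-4.18.8-r1" or the
# "Version 4.18.8" line printed by `smbd --version`.
glsa_status() {
    v=${1#Version }
    v=${v#net-fs/samba-}
    v=${v%-r[0-9]*}   # an ebuild revision (-rN) keeps the upstream version
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # _rc, _p, junk
    esac
    if ver_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# audit: read "host version" lines on stdin, print a verdict per host.
audit() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(glsa_status "$ver")"
    done
}

# Constructed inventory (hypothetical host names), not data from the advisory.
SAMPLE='fs1 4.18.8-r1
fs2 net-fs/samba-4.18.9
fs3 Version 4.19.4
fs4 4.18.9_rc1'

printf '%s\n' "$SAMPLE" | audit
```

Versions with suffixes such as _rc or _p are reported as unknown rather than guessed. On a Gentoo host, `glsa-check -t 202402-28` tests the installed packages against this advisory directly.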
References
==========
[ 1 ] CVE-2018-14628
https://nvd.nist.gov/vuln/detail/CVE-2018-14628
[ 2 ] CVE-2022-2127
https://nvd.nist.gov/vuln/detail/CVE-2022-2127
[ 3 ] CVE-2023-3347
https://nvd.nist.gov/vuln/detail/CVE-2023-3347
[ 4 ] CVE-2023-3961
https://nvd.nist.gov/vuln/detail/CVE-2023-3961
[ 5 ] CVE-2023-4091
https://nvd.nist.gov/vuln/detail/CVE-2023-4091
[ 6 ] CVE-2023-4154
https://nvd.nist.gov/vuln/detail/CVE-2023-4154
[ 7 ] CVE-2023-34966
https://nvd.nist.gov/vuln/detail/CVE-2023-34966
[ 8 ] CVE-2023-34967
https://nvd.nist.gov/vuln/detail/CVE-2023-34967
[ 9 ] CVE-2023-34968
https://nvd.nist.gov/vuln/detail/CVE-2023-34968
[ 10 ] CVE-2023-42669
https://nvd.nist.gov/vuln/detail/CVE-2023-42669
[ 11 ] CVE-2023-42670
https://nvd.nist.gov/vuln/detail/CVE-2023-42670
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202402-28
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[e-mail address protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5