[USN-5260-1] Samba vulnerabilities

========================================================================== Ubuntu Security Notice USN-5260-1 February 01, 2022
samba vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10 – Ubuntu 20.04 LTS
Several security issues were fixed in Samba.
Software Description: – samba: SMB/CIFS file, print, and login server for Unix
Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. (CVE-2021-44142)
Michael Hanselmann discovered that Samba incorrectly created directories. In certain configurations, a remote attacker could possibly create a directory on the server outside of the shared directory. (CVE-2021-43566)
Kees van Vloten discovered that Samba incorrectly handled certain aliased SPN checks. A remote attacker could possibly use this issue to impersonate services. (CVE-2022-0336)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: samba 2:4.13.17~dfsg-0ubuntu0.21.10.1
Ubuntu 20.04 LTS: samba 2:4.13.17~dfsg-0ubuntu0.21.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5260-1 CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
Package Information: launchpad.net/ubuntu/+source/samba/2:4.13.17~dfsg-0ubuntu0.21.10.1 launchpad.net/ubuntu/+source/samba/2:4.13.17~dfsg-0ubuntu0.21.04.1