Ubuntu Security Notice USN-4931-1
May 03, 2021
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
Several security issues were fixed in Samba.
– samba: SMB/CIFS file, print, and login server for Unix
Steven French discovered that Samba incorrectly handled ChangeNotify
permissions. A remote attacker could possibly use this issue to obtain file
name information. (CVE-2020-14318)
Bas Alberts discovered that Samba incorrectly handled certain winbind
requests. A remote attacker could possibly use this issue to cause winbind
to crash, resulting in a denial of service. (CVE-2020-14323)
Francis Brosnan Blázquez discovered that Samba incorrectly handled certain
invalid DNS records. A remote attacker could possibly use this issue to
cause the DNS server to crash, resulting in a denial of service.
Peter Eriksson discovered that Samba incorrectly handled certain negative
idmap cache entries. This issue could result in certain users gaining
unauthorized access to files, contrary to expected behaviour.
The problem can be corrected by updating your system to the following
Ubuntu 14.04 ESM:
In general, a standard system update will make all the necessary changes.
CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2021-20254