Today, July 7, 2016, the Samba development team has announced the immediate availability for download of the Samba 4.4.5, 4.3.11, and 4.2.14 maintenance updates.
According to the release notes, these are security releases that have been pushed to address an issue where the client side SMB2/3 required signing can be downgraded, which has been fully documented at CVE-2016-2119.
“It’s possible for an attacker to downgrade the required signing for an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flags,” reads today’s security advisory.
In layman’s terms, this means that an attacker can impersonate a server that users can connect to using Samba, an open-source re-implementation of the SMB/CIFS networking protocol, and then deliver malicious results.
The issue affects components lik… (read more)
Remember to like our facebook and our twitter @ubuntufree for a chance to win a free Ubuntu laptop by Dell or HP!
Top Trending Pages: Ubuntu Downloads | Ubuntu How To Guide | Download Ubuntu Software | Share Ubuntu Files With Windows
