CVE-2017-7494 in Ubuntu

CVE-2017-7494

Priority

High

Description

Samba since version 3.5.0 is vulnerable to remote code execution
vulnerability, allowing a malicious client to upload a shared library to a
writable share, and then cause the server to load and execute it.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
https://www.samba.org/samba/security/CVE-2017-7494.html
https://usn.ubuntu.com/usn/usn-3296-1
https://usn.ubuntu.com/usn/usn-3296-2

Bugs

https://bugzilla.samba.org/show_bug.cgi?id=12780

Assigned-to

mdeslaur

Package

Source: samba (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	released (2:3.6.25-0ubuntu0.12.04.11)
Ubuntu 14.04 LTS (Trusty Tahr):	released (2:4.3.11+dfsg-0ubuntu0.14.04.8)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2:4.3.11+dfsg-0ubuntu0.16.04.7)
Ubuntu 17.04 (Zesty Zapus):	released (2:4.5.8+dfsg-0ubuntu0.17.04.2)
Ubuntu 17.10 (Artful Aardvark):	released (2:4.5.8+dfsg-0ubuntu1)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-15 20:35:56 UTC (commit 13913)