Our development team has released a Samba security update that closes a vulnerability which allowed attackers to make the Samba file server component (smbd) execute program code from a library that the attackers themselves had copied to a writable file share. This remote code execution (RCE) could be used to escalate the attacker's privileges, up to and including a takeover of root privileges on the server.
The gap is documented as CVE-2017-7494 and affects all UCS releases since UCS 2.4 (Samba 3.5.0). We therefore advise you to update to the latest Errata update of a maintained UCS release.
You can find more information about the updates here: UCS 4.1 / UCS 4.2
Maren Abatielos joined Univention in 2012. Since then she has been engaged in content and social media marketing for UCS and Open Source in general.