According to the release notes, these are security releases that have been pushed to address an issue where the client side SMB2/3 required signing can be downgraded, which has been fully documented at CVE-2016-2119.
“It’s possible for an attacker to downgrade the required signing for an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flags,” reads today’s security advisory.
In layman’s terms, this means that an attacker can impersonate a server that users can connect to using Samba, an open-source re-implementation of the SMB/CIFS networking protocol, and then deliver malicious results.
The issue affects components lik… (read more)
Remember to like our facebook and our twitter @ubuntufree for a chance to win a free Ubuntu laptop by Dell or HP!
Top Trending Pages: Ubuntu Downloads | Ubuntu How To Guide | Download Ubuntu Software | Share Ubuntu Files With Windows