[Solved] - Is this Samba thing a problem?

[kdemeoz]

Hello

From a post in the Mint forum i found this link, https://thehackernews.com/2017/05/samba-...ploit.html. I do not [knowingly] use Samba, nor do i really understand what it's for. I assumed therefore that Samba would not be on my pc, but apparently i was wrong:

Code:

$ samba --version
Version 4.3.11-Ubuntu

The article says:

The maintainers of Samba has already patched the issue in their new versions Samba versions 4.6.4/4.5.10/4.4.14, and are urging those using a vulnerable version of Samba to install the patch as soon as possible.

Should i be anxious? Is there anything i should do? Will the Maui repos soon get the patched version?

[kdemeoz]

I was curious to see what Samba version is in Neon, so i launched my Neon VM. To my surprise:

Code:

VirtualBox:~$ samba --version
The program 'samba' is currently not installed. You can install it by typing:
sudo apt install samba

Does that imply then that back in my real Maui, i can simply uninstall Samba, then forget about this matter?

[leszek]

If you don't use samba for sharing files with macos or windows pcs over network then you can simply remove it.
By default samba is installed but not activated.
It is purely there so you will have the option in dolphin to share folders easily.
If you updated your package to version 2:4.3.11+dfsg-0ubuntu0.16.04.7 (which should come as a normal update) it includes the fix for CVE-2017-7494.
This update did come out last week already.

[kdemeoz]

Thanks. Well, based on your advice, + my earlier info [that i do not use Samba & will never need to], i have now removed Samba via Synaptic [which also removed Winbind]. It was, btw, the same version that you indicated.

I was surprised to see however that there's several other Samba-like packages that Synaptic did not remove at the same time, & afterwards i found that even

Code:

sudo apt autoremove

did not remove them:
   

Presumably none of these things should be needed anymore on my Tower -- is that true? If so, then after your confirmation i shall remove each of these as well.

[leszek]

They are needed for samba clients apparently and other applications.

[kdemeoz]

They are needed for samba clients apparently and other applications.

Sorry, i don't really understand. I've already explained that i do not use/need/want Samba, so [even though i do not know what a "samba client" is], presumably having removed Samba itself, none of the other stuff in my pic should be necessary? Or are you meaning that despite me not needing Samba, i should not remove these packages otherwise i might break my Maui?

[leszek]

Samba client is a needed for accessing smb:// shares. If you don't need or want this you can just remove that aswell.

[kdemeoz]

In the pic i uploaded there are 10 packages related to Samba. What i am asking is simply this... is it safe (ie, i do not want to break Maui] for me to remove all 10 [given that i have already removed Samba version 2:4.3.11+dfsg-0ubuntu0.16.04.7]?

[leszek]

It should be save. Though when removing take a look that it does not want to remove anything that you still want or need.

[kdemeoz]

Thanks. I removed most but not all of those samba-affiliated packages. The ones i had to leave, & why, are as follows (i must say, i find it pretty weird that removing an incidental ancillary pgm like samba, or in this case some of its related packages, would actually force removal of entirely unrelated major pgms like for instance KMyMoney, kdesudo, k3b, kde-runtime etc!!]: