-2

Company lockdown, I am not allowed to use apt-get so I have to get our systems team to download packages for me, they ftp them to the system and then I install them with 

dpkg -i <package>.deb

Pain in the **** but I can't get this changed; I've asked, pleaded and cajoled but the auditors and security boys will not allow it, no matter that I have to send a request to them every time I want to install a new package or dependency.

SO: I need to upgrade from 16.04.3LTS to 16.04.7LTS (to fix a Samba vulnerability). Any idea if this is possible using package downloads, and where I can find them? Is it just a kernel, and if so where can I get it?

Ah OK looking further into info on CVE-2017-7494 I see "Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.3.11+dfsg-0ubuntu0.16.04.7)". The installed Samba version I have is 4.3.11 so I'm not sure why I'm seeing Ubuntu 16.04.7 in there? I get confused easily...

jokerdino
  • 41,732
Malc P
  • 1

2 Answers2

3

Until today Xenial didn't go beyond the third point release, so 16.04.3 is the most recent Ubuntu 16.04 you can get – see here and here.

No matter which particular vulnerability you refer to, if it can be fixed you always just need to update samba to do so. Test which version is installed using samba --version, compare it with the current version number here and if necessary download it from there and install it as usual.

dessert
  • 40,956
1

Frankly... If they download it for you, and then put it in place for you to use the security guys aren't going to be happy either. None of the code was audited, and that's what the security guys are panicky about (and should know better, but you know... Their paycheck is guaranteed by insecure systems and insane firewall/filtering policies) Basically, your system admins should open the filters/firewall to one chosen mirror and that would be enough. It's functionally equivalent to downloading and then providing it for you.

Still, given that they still bothered to download everything, it looks like the best way for them would be to create an Ubuntu Mirror on-site. They manage the mirror (the same as downloading everything, but easier) and you point your apt-sources to the mirror.

That is actually, exactly how this should be handled.

Also, it is fully documented.

jawtheshark
  • 2,617