ESB-2017.3005 - [RedHat] samba: Multiple vulnerabilities 2017-11-27

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.3005
                     Important: samba security update
                             27 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           samba
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-15275 CVE-2017-14746 

Reference:         ESB-2017.2984
                   ESB-2017.2983
                   ESB-2017.3003

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2017:3260
   https://access.redhat.com/errata/RHSA-2017:3261

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba security update
Advisory ID:       RHSA-2017:3260-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3260
Issue date:        2017-11-27
CVE Names:         CVE-2017-14746 CVE-2017-15275 
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* A use-after-free flaw was found in the way samba servers handled certain
SMB1 requests. An unauthenticated attacker could send specially-crafted
SMB1 requests to cause the server to crash or execute arbitrary code.
(CVE-2017-14746)

* A memory disclosure flaw was found in samba. An attacker could retrieve
parts of server memory, which could contain potentially sensitive data, by
sending specially-crafted requests to the samba server. (CVE-2017-15275)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the
original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the
Samba Team) as the original reporter of CVE-2017-15275.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1511899 - CVE-2017-14746 samba: Use-after-free in processing SMB1 requests
1512465 - CVE-2017-15275 samba: Server heap-memory disclosure

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
samba-4.6.2-12.el7_4.src.rpm

noarch:
samba-common-4.6.2-12.el7_4.noarch.rpm

x86_64:
libsmbclient-4.6.2-12.el7_4.i686.rpm
libsmbclient-4.6.2-12.el7_4.x86_64.rpm
libwbclient-4.6.2-12.el7_4.i686.rpm
libwbclient-4.6.2-12.el7_4.x86_64.rpm
samba-client-4.6.2-12.el7_4.x86_64.rpm
samba-client-libs-4.6.2-12.el7_4.i686.rpm
samba-client-libs-4.6.2-12.el7_4.x86_64.rpm
samba-common-libs-4.6.2-12.el7_4.x86_64.rpm
samba-common-tools-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.i686.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm
samba-krb5-printing-4.6.2-12.el7_4.x86_64.rpm
samba-libs-4.6.2-12.el7_4.i686.rpm
samba-libs-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-clients-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-modules-4.6.2-12.el7_4.i686.rpm
samba-winbind-modules-4.6.2-12.el7_4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
samba-pidl-4.6.2-12.el7_4.noarch.rpm

x86_64:
libsmbclient-devel-4.6.2-12.el7_4.i686.rpm
libsmbclient-devel-4.6.2-12.el7_4.x86_64.rpm
libwbclient-devel-4.6.2-12.el7_4.i686.rpm
libwbclient-devel-4.6.2-12.el7_4.x86_64.rpm
samba-4.6.2-12.el7_4.x86_64.rpm
samba-dc-4.6.2-12.el7_4.x86_64.rpm
samba-dc-libs-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.i686.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm
samba-devel-4.6.2-12.el7_4.i686.rpm
samba-devel-4.6.2-12.el7_4.x86_64.rpm
samba-python-4.6.2-12.el7_4.x86_64.rpm
samba-test-4.6.2-12.el7_4.x86_64.rpm
samba-test-libs-4.6.2-12.el7_4.i686.rpm
samba-test-libs-4.6.2-12.el7_4.x86_64.rpm
samba-vfs-glusterfs-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
samba-4.6.2-12.el7_4.src.rpm

noarch:
samba-common-4.6.2-12.el7_4.noarch.rpm

x86_64:
libsmbclient-4.6.2-12.el7_4.i686.rpm
libsmbclient-4.6.2-12.el7_4.x86_64.rpm
libwbclient-4.6.2-12.el7_4.i686.rpm
libwbclient-4.6.2-12.el7_4.x86_64.rpm
samba-client-4.6.2-12.el7_4.x86_64.rpm
samba-client-libs-4.6.2-12.el7_4.i686.rpm
samba-client-libs-4.6.2-12.el7_4.x86_64.rpm
samba-common-libs-4.6.2-12.el7_4.x86_64.rpm
samba-common-tools-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.i686.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm
samba-libs-4.6.2-12.el7_4.i686.rpm
samba-libs-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-clients-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-modules-4.6.2-12.el7_4.i686.rpm
samba-winbind-modules-4.6.2-12.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
samba-pidl-4.6.2-12.el7_4.noarch.rpm

x86_64:
libsmbclient-devel-4.6.2-12.el7_4.i686.rpm
libsmbclient-devel-4.6.2-12.el7_4.x86_64.rpm
libwbclient-devel-4.6.2-12.el7_4.i686.rpm
libwbclient-devel-4.6.2-12.el7_4.x86_64.rpm
samba-4.6.2-12.el7_4.x86_64.rpm
samba-dc-4.6.2-12.el7_4.x86_64.rpm
samba-dc-libs-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.i686.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm
samba-devel-4.6.2-12.el7_4.i686.rpm
samba-devel-4.6.2-12.el7_4.x86_64.rpm
samba-krb5-printing-4.6.2-12.el7_4.x86_64.rpm
samba-python-4.6.2-12.el7_4.x86_64.rpm
samba-test-4.6.2-12.el7_4.x86_64.rpm
samba-test-libs-4.6.2-12.el7_4.i686.rpm
samba-test-libs-4.6.2-12.el7_4.x86_64.rpm
samba-vfs-glusterfs-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
samba-4.6.2-12.el7_4.src.rpm

noarch:
samba-common-4.6.2-12.el7_4.noarch.rpm

ppc64:
libsmbclient-4.6.2-12.el7_4.ppc.rpm
libsmbclient-4.6.2-12.el7_4.ppc64.rpm
libwbclient-4.6.2-12.el7_4.ppc.rpm
libwbclient-4.6.2-12.el7_4.ppc64.rpm
samba-4.6.2-12.el7_4.ppc64.rpm
samba-client-4.6.2-12.el7_4.ppc64.rpm
samba-client-libs-4.6.2-12.el7_4.ppc.rpm
samba-client-libs-4.6.2-12.el7_4.ppc64.rpm
samba-common-libs-4.6.2-12.el7_4.ppc64.rpm
samba-common-tools-4.6.2-12.el7_4.ppc64.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc64.rpm
samba-krb5-printing-4.6.2-12.el7_4.ppc64.rpm
samba-libs-4.6.2-12.el7_4.ppc.rpm
samba-libs-4.6.2-12.el7_4.ppc64.rpm
samba-winbind-4.6.2-12.el7_4.ppc64.rpm
samba-winbind-clients-4.6.2-12.el7_4.ppc64.rpm
samba-winbind-modules-4.6.2-12.el7_4.ppc.rpm
samba-winbind-modules-4.6.2-12.el7_4.ppc64.rpm

ppc64le:
libsmbclient-4.6.2-12.el7_4.ppc64le.rpm
libwbclient-4.6.2-12.el7_4.ppc64le.rpm
samba-4.6.2-12.el7_4.ppc64le.rpm
samba-client-4.6.2-12.el7_4.ppc64le.rpm
samba-client-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-common-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-common-tools-4.6.2-12.el7_4.ppc64le.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc64le.rpm
samba-krb5-printing-4.6.2-12.el7_4.ppc64le.rpm
samba-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-winbind-4.6.2-12.el7_4.ppc64le.rpm
samba-winbind-clients-4.6.2-12.el7_4.ppc64le.rpm
samba-winbind-modules-4.6.2-12.el7_4.ppc64le.rpm

s390x:
libsmbclient-4.6.2-12.el7_4.s390.rpm
libsmbclient-4.6.2-12.el7_4.s390x.rpm
libwbclient-4.6.2-12.el7_4.s390.rpm
libwbclient-4.6.2-12.el7_4.s390x.rpm
samba-4.6.2-12.el7_4.s390x.rpm
samba-client-4.6.2-12.el7_4.s390x.rpm
samba-client-libs-4.6.2-12.el7_4.s390.rpm
samba-client-libs-4.6.2-12.el7_4.s390x.rpm
samba-common-libs-4.6.2-12.el7_4.s390x.rpm
samba-common-tools-4.6.2-12.el7_4.s390x.rpm
samba-debuginfo-4.6.2-12.el7_4.s390.rpm
samba-debuginfo-4.6.2-12.el7_4.s390x.rpm
samba-krb5-printing-4.6.2-12.el7_4.s390x.rpm
samba-libs-4.6.2-12.el7_4.s390.rpm
samba-libs-4.6.2-12.el7_4.s390x.rpm
samba-winbind-4.6.2-12.el7_4.s390x.rpm
samba-winbind-clients-4.6.2-12.el7_4.s390x.rpm
samba-winbind-modules-4.6.2-12.el7_4.s390.rpm
samba-winbind-modules-4.6.2-12.el7_4.s390x.rpm

x86_64:
libsmbclient-4.6.2-12.el7_4.i686.rpm
libsmbclient-4.6.2-12.el7_4.x86_64.rpm
libwbclient-4.6.2-12.el7_4.i686.rpm
libwbclient-4.6.2-12.el7_4.x86_64.rpm
samba-4.6.2-12.el7_4.x86_64.rpm
samba-client-4.6.2-12.el7_4.x86_64.rpm
samba-client-libs-4.6.2-12.el7_4.i686.rpm
samba-client-libs-4.6.2-12.el7_4.x86_64.rpm
samba-common-libs-4.6.2-12.el7_4.x86_64.rpm
samba-common-tools-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.i686.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm
samba-krb5-printing-4.6.2-12.el7_4.x86_64.rpm
samba-libs-4.6.2-12.el7_4.i686.rpm
samba-libs-4.6.2-12.el7_4.x86_64.rpm
samba-python-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-clients-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-modules-4.6.2-12.el7_4.i686.rpm
samba-winbind-modules-4.6.2-12.el7_4.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
samba-4.6.2-12.el7_4.src.rpm

aarch64:
libsmbclient-4.6.2-12.el7_4.aarch64.rpm
libwbclient-4.6.2-12.el7_4.aarch64.rpm
samba-4.6.2-12.el7_4.aarch64.rpm
samba-client-4.6.2-12.el7_4.aarch64.rpm
samba-client-libs-4.6.2-12.el7_4.aarch64.rpm
samba-common-libs-4.6.2-12.el7_4.aarch64.rpm
samba-common-tools-4.6.2-12.el7_4.aarch64.rpm
samba-debuginfo-4.6.2-12.el7_4.aarch64.rpm
samba-krb5-printing-4.6.2-12.el7_4.aarch64.rpm
samba-libs-4.6.2-12.el7_4.aarch64.rpm
samba-python-4.6.2-12.el7_4.aarch64.rpm
samba-winbind-4.6.2-12.el7_4.aarch64.rpm
samba-winbind-clients-4.6.2-12.el7_4.aarch64.rpm
samba-winbind-modules-4.6.2-12.el7_4.aarch64.rpm

noarch:
samba-common-4.6.2-12.el7_4.noarch.rpm

ppc64le:
libsmbclient-4.6.2-12.el7_4.ppc64le.rpm
libwbclient-4.6.2-12.el7_4.ppc64le.rpm
samba-4.6.2-12.el7_4.ppc64le.rpm
samba-client-4.6.2-12.el7_4.ppc64le.rpm
samba-client-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-common-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-common-tools-4.6.2-12.el7_4.ppc64le.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc64le.rpm
samba-krb5-printing-4.6.2-12.el7_4.ppc64le.rpm
samba-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-winbind-4.6.2-12.el7_4.ppc64le.rpm
samba-winbind-clients-4.6.2-12.el7_4.ppc64le.rpm
samba-winbind-modules-4.6.2-12.el7_4.ppc64le.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

ppc64le:
ctdb-4.6.2-12.el7_4.ppc64le.rpm
ctdb-tests-4.6.2-12.el7_4.ppc64le.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc64le.rpm

s390x:
ctdb-4.6.2-12.el7_4.s390x.rpm
ctdb-tests-4.6.2-12.el7_4.s390x.rpm
samba-debuginfo-4.6.2-12.el7_4.s390x.rpm

x86_64:
ctdb-4.6.2-12.el7_4.x86_64.rpm
ctdb-tests-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
samba-pidl-4.6.2-12.el7_4.noarch.rpm

ppc64:
libsmbclient-devel-4.6.2-12.el7_4.ppc.rpm
libsmbclient-devel-4.6.2-12.el7_4.ppc64.rpm
libwbclient-devel-4.6.2-12.el7_4.ppc.rpm
libwbclient-devel-4.6.2-12.el7_4.ppc64.rpm
samba-dc-4.6.2-12.el7_4.ppc64.rpm
samba-dc-libs-4.6.2-12.el7_4.ppc64.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc64.rpm
samba-devel-4.6.2-12.el7_4.ppc.rpm
samba-devel-4.6.2-12.el7_4.ppc64.rpm
samba-python-4.6.2-12.el7_4.ppc64.rpm
samba-test-4.6.2-12.el7_4.ppc64.rpm
samba-test-libs-4.6.2-12.el7_4.ppc.rpm
samba-test-libs-4.6.2-12.el7_4.ppc64.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.ppc64.rpm

ppc64le:
libsmbclient-devel-4.6.2-12.el7_4.ppc64le.rpm
libwbclient-devel-4.6.2-12.el7_4.ppc64le.rpm
samba-dc-4.6.2-12.el7_4.ppc64le.rpm
samba-dc-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc64le.rpm
samba-devel-4.6.2-12.el7_4.ppc64le.rpm
samba-python-4.6.2-12.el7_4.ppc64le.rpm
samba-test-4.6.2-12.el7_4.ppc64le.rpm
samba-test-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.ppc64le.rpm

s390x:
libsmbclient-devel-4.6.2-12.el7_4.s390.rpm
libsmbclient-devel-4.6.2-12.el7_4.s390x.rpm
libwbclient-devel-4.6.2-12.el7_4.s390.rpm
libwbclient-devel-4.6.2-12.el7_4.s390x.rpm
samba-dc-4.6.2-12.el7_4.s390x.rpm
samba-dc-libs-4.6.2-12.el7_4.s390x.rpm
samba-debuginfo-4.6.2-12.el7_4.s390.rpm
samba-debuginfo-4.6.2-12.el7_4.s390x.rpm
samba-devel-4.6.2-12.el7_4.s390.rpm
samba-devel-4.6.2-12.el7_4.s390x.rpm
samba-python-4.6.2-12.el7_4.s390x.rpm
samba-test-4.6.2-12.el7_4.s390x.rpm
samba-test-libs-4.6.2-12.el7_4.s390.rpm
samba-test-libs-4.6.2-12.el7_4.s390x.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.s390x.rpm

x86_64:
libsmbclient-devel-4.6.2-12.el7_4.i686.rpm
libsmbclient-devel-4.6.2-12.el7_4.x86_64.rpm
libwbclient-devel-4.6.2-12.el7_4.i686.rpm
libwbclient-devel-4.6.2-12.el7_4.x86_64.rpm
samba-dc-4.6.2-12.el7_4.x86_64.rpm
samba-dc-libs-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.i686.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm
samba-devel-4.6.2-12.el7_4.i686.rpm
samba-devel-4.6.2-12.el7_4.x86_64.rpm
samba-test-4.6.2-12.el7_4.x86_64.rpm
samba-test-libs-4.6.2-12.el7_4.i686.rpm
samba-test-libs-4.6.2-12.el7_4.x86_64.rpm
samba-vfs-glusterfs-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
libsmbclient-devel-4.6.2-12.el7_4.aarch64.rpm
libwbclient-devel-4.6.2-12.el7_4.aarch64.rpm
samba-dc-4.6.2-12.el7_4.aarch64.rpm
samba-dc-libs-4.6.2-12.el7_4.aarch64.rpm
samba-debuginfo-4.6.2-12.el7_4.aarch64.rpm
samba-devel-4.6.2-12.el7_4.aarch64.rpm
samba-test-4.6.2-12.el7_4.aarch64.rpm
samba-test-libs-4.6.2-12.el7_4.aarch64.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.aarch64.rpm

noarch:
samba-pidl-4.6.2-12.el7_4.noarch.rpm

ppc64le:
libsmbclient-devel-4.6.2-12.el7_4.ppc64le.rpm
libwbclient-devel-4.6.2-12.el7_4.ppc64le.rpm
samba-dc-4.6.2-12.el7_4.ppc64le.rpm
samba-dc-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-debuginfo-4.6.2-12.el7_4.ppc64le.rpm
samba-devel-4.6.2-12.el7_4.ppc64le.rpm
samba-python-4.6.2-12.el7_4.ppc64le.rpm
samba-test-4.6.2-12.el7_4.ppc64le.rpm
samba-test-libs-4.6.2-12.el7_4.ppc64le.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
samba-4.6.2-12.el7_4.src.rpm

noarch:
samba-common-4.6.2-12.el7_4.noarch.rpm

x86_64:
libsmbclient-4.6.2-12.el7_4.i686.rpm
libsmbclient-4.6.2-12.el7_4.x86_64.rpm
libwbclient-4.6.2-12.el7_4.i686.rpm
libwbclient-4.6.2-12.el7_4.x86_64.rpm
samba-4.6.2-12.el7_4.x86_64.rpm
samba-client-4.6.2-12.el7_4.x86_64.rpm
samba-client-libs-4.6.2-12.el7_4.i686.rpm
samba-client-libs-4.6.2-12.el7_4.x86_64.rpm
samba-common-libs-4.6.2-12.el7_4.x86_64.rpm
samba-common-tools-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.i686.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm
samba-krb5-printing-4.6.2-12.el7_4.x86_64.rpm
samba-libs-4.6.2-12.el7_4.i686.rpm
samba-libs-4.6.2-12.el7_4.x86_64.rpm
samba-python-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-clients-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-modules-4.6.2-12.el7_4.i686.rpm
samba-winbind-modules-4.6.2-12.el7_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
samba-pidl-4.6.2-12.el7_4.noarch.rpm

x86_64:
libsmbclient-devel-4.6.2-12.el7_4.i686.rpm
libsmbclient-devel-4.6.2-12.el7_4.x86_64.rpm
libwbclient-devel-4.6.2-12.el7_4.i686.rpm
libwbclient-devel-4.6.2-12.el7_4.x86_64.rpm
samba-dc-4.6.2-12.el7_4.x86_64.rpm
samba-dc-libs-4.6.2-12.el7_4.x86_64.rpm
samba-debuginfo-4.6.2-12.el7_4.i686.rpm
samba-debuginfo-4.6.2-12.el7_4.x86_64.rpm
samba-devel-4.6.2-12.el7_4.i686.rpm
samba-devel-4.6.2-12.el7_4.x86_64.rpm
samba-test-4.6.2-12.el7_4.x86_64.rpm
samba-test-libs-4.6.2-12.el7_4.i686.rpm
samba-test-libs-4.6.2-12.el7_4.x86_64.rpm
samba-vfs-glusterfs-4.6.2-12.el7_4.x86_64.rpm
samba-winbind-krb5-locator-4.6.2-12.el7_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-14746
https://access.redhat.com/security/cve/CVE-2017-15275
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaG5bhXlSAg2UNWIIRAuGbAKCmUcujvuQaLpSQ02DfCRzbK7/qFACgtt5C
PzSU5PZGbSgphBCKrRY6AzY=
=R43A
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba security update
Advisory ID:       RHSA-2017:3261-01
Product:           Red Hat Gluster Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3261
Issue date:        2017-11-27
CVE Names:         CVE-2017-14746 CVE-2017-15275 
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Gluster Storage 3.3 for
Red Hat Enterprise Linux 6 and Red Hat Gluster Storage 3.3 for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Gluster 3.3 Samba on RHEL-6 - noarch, x86_64
Red Hat Gluster 3.3 Samba on RHEL-7 - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* A use-after-free flaw was found in the way samba servers handled certain
SMB1 requests. An unauthenticated attacker could send specially-crafted
SMB1 requests to cause the server to crash or execute arbitrary code.
(CVE-2017-14746)

* A memory disclosure flaw was found in samba. An attacker could retrieve
parts of server memory, which could contain potentially sensitive data, by
sending specially-crafted requests to the samba server. (CVE-2017-15275)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the
original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the
Samba Team) as the original reporter of CVE-2017-15275.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1511899 - CVE-2017-14746 samba: Use-after-free in processing SMB1 requests
1512465 - CVE-2017-15275 samba: Server heap-memory disclosure

6. Package List:

Red Hat Gluster 3.3 Samba on RHEL-6:

Source:
samba-4.6.3-9.el6rhs.src.rpm

noarch:
samba-common-4.6.3-9.el6rhs.noarch.rpm
samba-pidl-4.6.3-9.el6rhs.noarch.rpm

x86_64:
ctdb-4.6.3-9.el6rhs.x86_64.rpm
ctdb-tests-4.6.3-9.el6rhs.x86_64.rpm
libsmbclient-4.6.3-9.el6rhs.x86_64.rpm
libsmbclient-devel-4.6.3-9.el6rhs.x86_64.rpm
libwbclient-4.6.3-9.el6rhs.x86_64.rpm
libwbclient-devel-4.6.3-9.el6rhs.x86_64.rpm
samba-4.6.3-9.el6rhs.x86_64.rpm
samba-client-4.6.3-9.el6rhs.x86_64.rpm
samba-client-libs-4.6.3-9.el6rhs.x86_64.rpm
samba-common-libs-4.6.3-9.el6rhs.x86_64.rpm
samba-common-tools-4.6.3-9.el6rhs.x86_64.rpm
samba-dc-4.6.3-9.el6rhs.x86_64.rpm
samba-dc-libs-4.6.3-9.el6rhs.x86_64.rpm
samba-debuginfo-4.6.3-9.el6rhs.x86_64.rpm
samba-devel-4.6.3-9.el6rhs.x86_64.rpm
samba-krb5-printing-4.6.3-9.el6rhs.x86_64.rpm
samba-libs-4.6.3-9.el6rhs.x86_64.rpm
samba-python-4.6.3-9.el6rhs.x86_64.rpm
samba-test-4.6.3-9.el6rhs.x86_64.rpm
samba-test-libs-4.6.3-9.el6rhs.x86_64.rpm
samba-vfs-glusterfs-4.6.3-9.el6rhs.x86_64.rpm
samba-winbind-4.6.3-9.el6rhs.x86_64.rpm
samba-winbind-clients-4.6.3-9.el6rhs.x86_64.rpm
samba-winbind-krb5-locator-4.6.3-9.el6rhs.x86_64.rpm
samba-winbind-modules-4.6.3-9.el6rhs.x86_64.rpm

Red Hat Gluster 3.3 Samba on RHEL-7:

Source:
samba-4.6.3-9.el7rhgs.src.rpm

noarch:
samba-common-4.6.3-9.el7rhgs.noarch.rpm
samba-pidl-4.6.3-9.el7rhgs.noarch.rpm

x86_64:
ctdb-4.6.3-9.el7rhgs.x86_64.rpm
ctdb-tests-4.6.3-9.el7rhgs.x86_64.rpm
libsmbclient-4.6.3-9.el7rhgs.x86_64.rpm
libsmbclient-devel-4.6.3-9.el7rhgs.x86_64.rpm
libwbclient-4.6.3-9.el7rhgs.x86_64.rpm
libwbclient-devel-4.6.3-9.el7rhgs.x86_64.rpm
samba-4.6.3-9.el7rhgs.x86_64.rpm
samba-client-4.6.3-9.el7rhgs.x86_64.rpm
samba-client-libs-4.6.3-9.el7rhgs.x86_64.rpm
samba-common-libs-4.6.3-9.el7rhgs.x86_64.rpm
samba-common-tools-4.6.3-9.el7rhgs.x86_64.rpm
samba-dc-4.6.3-9.el7rhgs.x86_64.rpm
samba-dc-libs-4.6.3-9.el7rhgs.x86_64.rpm
samba-debuginfo-4.6.3-9.el7rhgs.x86_64.rpm
samba-devel-4.6.3-9.el7rhgs.x86_64.rpm
samba-krb5-printing-4.6.3-9.el7rhgs.x86_64.rpm
samba-libs-4.6.3-9.el7rhgs.x86_64.rpm
samba-python-4.6.3-9.el7rhgs.x86_64.rpm
samba-test-4.6.3-9.el7rhgs.x86_64.rpm
samba-test-libs-4.6.3-9.el7rhgs.x86_64.rpm
samba-vfs-glusterfs-4.6.3-9.el7rhgs.x86_64.rpm
samba-winbind-4.6.3-9.el7rhgs.x86_64.rpm
samba-winbind-clients-4.6.3-9.el7rhgs.x86_64.rpm
samba-winbind-krb5-locator-4.6.3-9.el7rhgs.x86_64.rpm
samba-winbind-modules-4.6.3-9.el7rhgs.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-14746
https://access.redhat.com/security/cve/CVE-2017-15275
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaG5DFXlSAg2UNWIIRAtE4AKCDLZoJ52C26RJA8P1Q302Sy4ybBwCdGWMV
dsWz3nnaSrvyVTrCSZFlQRg=
=95/+
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWhunZ4x+lLeg9Ub1AQjKjw/+LuVjMvO4ZGyaw7B33wmfHIL2AzuaKwKh
E9e8+t3EW/0roRE0mBbWCzArPT5yMrk8CaxtaUfq20ABiNO88BdMVOgGoYF5aAtY
C8+r9n8wI6jTPkeuTcVYwyd1+9EK0uA62tabwzq6g9X5MNl88Ec4tbQPj8MA1FhG
rKt7x16LmyhxIWjB7O1d+95qD9fMBEZd85ZFujNnQhtlKgE3jz489p4QsxFI7Ahj
DN6KTAsGyC61WvHmWK7FA+FdXFn4XP7AlZ4T1bHU+WvNGQZfLl+ND5KzV0joOTh9
3zhK11d7lRceR16UJpxIj3mmnt9KUntJqwdK8CuuH1SqMOxYJxE6hE6ogXjIfwuu
nkOcy2Ocnz1qzkvcBkG1pgVYMW3+S05kUmubTjT326btvccN8UWNVr2Rw6fqjgek
b19SxnHVkg+eLCff/5OZhA+G6A3himZK3v6Mc30UGO7enHXYC96gxRCby9KktBin
rLFQiVi0M/+B9K6OoVCo0VGGQdjRXzUhMSymOjYcN3q6zVTmF65STRZ8vbiyI306
XJjtd99SSYb+uilDeE2KN0lrjk610nRMHreas8yb9iU/vWh5xu3sKKD1tq65Edo2
hYmMvuXXwh2hpptvVEgHK6dvR7D0odtWvCHv6xAYuMDehfnofjPQD97H5KoOphgH
FlTtj5OcAJE=
=46M/
-----END PGP SIGNATURE-----

« Back to bulletins