Oval Definition:oval:com.redhat.rhsa:def:20172789
Revision Date:2017-09-21Version:635
Title:RHSA-2017:2789: samba security update (Moderate)
Description:Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

  • A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619)

  • It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150)

  • An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)

    Red Hat would like to thank the Samba project for reporting CVE-2017-2619 and CVE-2017-12150 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2017-12150
    CVE-2017-12163
    CVE-2017-2619
    RHSA-2017:2789
    RHSA-2017:2789-00
    RHSA-2017:2789-01
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libsmbclient is earlier than 0:3.6.23-45.el6_9
  • AND libsmbclient is signed with Red Hat redhatrelease2 key
  • libsmbclient-devel is earlier than 0:3.6.23-45.el6_9
  • AND libsmbclient-devel is signed with Red Hat redhatrelease2 key
  • samba is earlier than 0:3.6.23-45.el6_9
  • AND samba is signed with Red Hat redhatrelease2 key
  • samba-client is earlier than 0:3.6.23-45.el6_9
  • AND samba-client is signed with Red Hat redhatrelease2 key
  • samba-common is earlier than 0:3.6.23-45.el6_9
  • AND samba-common is signed with Red Hat redhatrelease2 key
  • samba-doc is earlier than 0:3.6.23-45.el6_9
  • AND samba-doc is signed with Red Hat redhatrelease2 key
  • samba-domainjoin-gui is earlier than 0:3.6.23-45.el6_9
  • AND samba-domainjoin-gui is signed with Red Hat redhatrelease2 key
  • samba-glusterfs is earlier than 0:3.6.23-45.el6_9
  • AND samba-glusterfs is signed with Red Hat redhatrelease2 key
  • samba-swat is earlier than 0:3.6.23-45.el6_9
  • AND samba-swat is signed with Red Hat redhatrelease2 key
  • samba-winbind is earlier than 0:3.6.23-45.el6_9
  • AND samba-winbind is signed with Red Hat redhatrelease2 key
  • samba-winbind-clients is earlier than 0:3.6.23-45.el6_9
  • AND samba-winbind-clients is signed with Red Hat redhatrelease2 key
  • samba-winbind-devel is earlier than 0:3.6.23-45.el6_9
  • AND samba-winbind-devel is signed with Red Hat redhatrelease2 key
  • samba-winbind-krb5-locator is earlier than 0:3.6.23-45.el6_9
  • AND samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
  • BACK