Issued:

2017-11-27

Updated:

2017-11-27

RHSA-2017:3261 - Important: samba security update

Synopsis

Important: samba security update

Type/Severity

Security Advisory Important

Topic

An update for samba is now available for Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6 and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

• A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746)

• A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server. (CVE-2017-15275)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

Affected Products

Updated Packages

• samba-winbind-4.6.3-9.el6rhs.x86_64.rpm
• samba-winbind-modules-4.6.3-9.el7rhgs.x86_64.rpm
• samba-common-4.6.3-9.el7rhgs.noarch.rpm
• samba-devel-4.6.3-9.el6rhs.x86_64.rpm
• samba-dc-libs-4.6.3-9.el7rhgs.x86_64.rpm
• samba-pidl-4.6.3-9.el6rhs.noarch.rpm
• samba-vfs-glusterfs-4.6.3-9.el6rhs.x86_64.rpm
• samba-debuginfo-4.6.3-9.el6rhs.x86_64.rpm
• samba-vfs-glusterfs-4.6.3-9.el7rhgs.x86_64.rpm
• samba-client-libs-4.6.3-9.el6rhs.x86_64.rpm
• ctdb-4.6.3-9.el6rhs.x86_64.rpm
• samba-common-tools-4.6.3-9.el7rhgs.x86_64.rpm
• samba-client-4.6.3-9.el6rhs.x86_64.rpm
• libsmbclient-devel-4.6.3-9.el7rhgs.x86_64.rpm
• samba-common-libs-4.6.3-9.el6rhs.x86_64.rpm
• samba-common-libs-4.6.3-9.el7rhgs.x86_64.rpm
• samba-winbind-modules-4.6.3-9.el6rhs.x86_64.rpm
• samba-4.6.3-9.el6rhs.src.rpm
• samba-krb5-printing-4.6.3-9.el7rhgs.x86_64.rpm
• samba-common-tools-4.6.3-9.el6rhs.x86_64.rpm
• libwbclient-devel-4.6.3-9.el7rhgs.x86_64.rpm
• samba-dc-libs-4.6.3-9.el6rhs.x86_64.rpm
• libsmbclient-devel-4.6.3-9.el6rhs.x86_64.rpm
• ctdb-tests-4.6.3-9.el6rhs.x86_64.rpm
• samba-krb5-printing-4.6.3-9.el6rhs.x86_64.rpm
• samba-python-4.6.3-9.el6rhs.x86_64.rpm
• ctdb-tests-4.6.3-9.el7rhgs.x86_64.rpm
• libwbclient-4.6.3-9.el6rhs.x86_64.rpm
• samba-client-libs-4.6.3-9.el7rhgs.x86_64.rpm
• libsmbclient-4.6.3-9.el7rhgs.x86_64.rpm
• samba-dc-4.6.3-9.el6rhs.x86_64.rpm
• ctdb-4.6.3-9.el7rhgs.x86_64.rpm
• samba-4.6.3-9.el7rhgs.x86_64.rpm
• samba-client-4.6.3-9.el7rhgs.x86_64.rpm
• samba-4.6.3-9.el6rhs.x86_64.rpm
• samba-dc-4.6.3-9.el7rhgs.x86_64.rpm
• samba-python-4.6.3-9.el7rhgs.x86_64.rpm
• libwbclient-devel-4.6.3-9.el6rhs.x86_64.rpm
• samba-test-4.6.3-9.el7rhgs.x86_64.rpm
• samba-test-libs-4.6.3-9.el6rhs.x86_64.rpm
• samba-winbind-4.6.3-9.el7rhgs.x86_64.rpm
• samba-winbind-clients-4.6.3-9.el6rhs.x86_64.rpm
• samba-winbind-krb5-locator-4.6.3-9.el6rhs.x86_64.rpm
• samba-4.6.3-9.el7rhgs.src.rpm
• samba-common-4.6.3-9.el6rhs.noarch.rpm
• samba-debuginfo-4.6.3-9.el7rhgs.x86_64.rpm
• libsmbclient-4.6.3-9.el6rhs.x86_64.rpm
• samba-libs-4.6.3-9.el6rhs.x86_64.rpm
• samba-pidl-4.6.3-9.el7rhgs.noarch.rpm
• libwbclient-4.6.3-9.el7rhgs.x86_64.rpm
• samba-winbind-clients-4.6.3-9.el7rhgs.x86_64.rpm
• samba-winbind-krb5-locator-4.6.3-9.el7rhgs.x86_64.rpm
• samba-libs-4.6.3-9.el7rhgs.x86_64.rpm
• samba-devel-4.6.3-9.el7rhgs.x86_64.rpm
• samba-test-4.6.3-9.el6rhs.x86_64.rpm
• samba-test-libs-4.6.3-9.el7rhgs.x86_64.rpm

Fixes

• This content is not included.BZ - 1511899
• This content is not included.BZ - 1512465

CVEs

• CVE-2017-14746
• CVE-2017-15275

References

• https://access.redhat.com/security/updates/classification/#important

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.