Koozali.org: home of the SME Server

Security Advisory - Important: samba security update - RH EL6

Offline TerryF

  • grumpy old man
  • *
  • 1,836
  • +6/-0
Red Hat has released a security update for EL6 that will apply to
Koozali SME9.#, it has been rated as Important.

Update is available from upstream as appropriate.

See here for full notice: https://access.redhat.com/errata/RHSA-2017:1270

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba security update
Advisory ID:       RHSA-2017:1270-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1270
Issue date:        2017-05-24
CVE Names:         CVE-2017-7494
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 6 and Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious
authenticated samba client, having write access to the samba share, could
use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges steelo as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1450347 - CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE
--
qui scribit bis legit