Important: samba

2017-05-30T23:54:00
ID ALAS-2017-834
Type amazon
Reporter Amazon
Modified 2017-05-30T23:54:00

Description

Issue Overview:

A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw to
execute arbitrary code as root. (CVE-2017-7494 __)

It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125 __)

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126 __)

A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619 __)

Affected Packages:

samba

Issue Correction:
Run yum update samba to update your system.

New Packages:

i686:  
    samba-test-libs-4.4.4-13.35.amzn1.i686  
    ctdb-4.4.4-13.35.amzn1.i686  
    samba-krb5-printing-4.4.4-13.35.amzn1.i686  
    samba-winbind-4.4.4-13.35.amzn1.i686  
    libsmbclient-4.4.4-13.35.amzn1.i686  
    samba-winbind-clients-4.4.4-13.35.amzn1.i686  
    samba-test-4.4.4-13.35.amzn1.i686  
    samba-4.4.4-13.35.amzn1.i686  
    samba-winbind-krb5-locator-4.4.4-13.35.amzn1.i686  
    libsmbclient-devel-4.4.4-13.35.amzn1.i686  
    samba-winbind-modules-4.4.4-13.35.amzn1.i686  
    samba-python-4.4.4-13.35.amzn1.i686  
    samba-client-4.4.4-13.35.amzn1.i686  
    samba-common-libs-4.4.4-13.35.amzn1.i686  
    samba-libs-4.4.4-13.35.amzn1.i686  
    samba-common-tools-4.4.4-13.35.amzn1.i686  
    libwbclient-devel-4.4.4-13.35.amzn1.i686  
    ctdb-tests-4.4.4-13.35.amzn1.i686  
    samba-debuginfo-4.4.4-13.35.amzn1.i686  
    libwbclient-4.4.4-13.35.amzn1.i686  
    samba-devel-4.4.4-13.35.amzn1.i686  
    samba-client-libs-4.4.4-13.35.amzn1.i686

noarch:  
    samba-common-4.4.4-13.35.amzn1.noarch  
    samba-pidl-4.4.4-13.35.amzn1.noarch

src:  
    samba-4.4.4-13.35.amzn1.src

x86_64:  
    samba-python-4.4.4-13.35.amzn1.x86_64  
    libwbclient-devel-4.4.4-13.35.amzn1.x86_64  
    samba-debuginfo-4.4.4-13.35.amzn1.x86_64  
    ctdb-4.4.4-13.35.amzn1.x86_64  
    ctdb-tests-4.4.4-13.35.amzn1.x86_64  
    samba-client-4.4.4-13.35.amzn1.x86_64  
    libwbclient-4.4.4-13.35.amzn1.x86_64  
    samba-winbind-modules-4.4.4-13.35.amzn1.x86_64  
    samba-test-4.4.4-13.35.amzn1.x86_64  
    samba-winbind-clients-4.4.4-13.35.amzn1.x86_64  
    libsmbclient-devel-4.4.4-13.35.amzn1.x86_64  
    libsmbclient-4.4.4-13.35.amzn1.x86_64  
    samba-krb5-printing-4.4.4-13.35.amzn1.x86_64  
    samba-client-libs-4.4.4-13.35.amzn1.x86_64  
    samba-common-tools-4.4.4-13.35.amzn1.x86_64  
    samba-winbind-krb5-locator-4.4.4-13.35.amzn1.x86_64  
    samba-libs-4.4.4-13.35.amzn1.x86_64  
    samba-4.4.4-13.35.amzn1.x86_64  
    samba-devel-4.4.4-13.35.amzn1.x86_64  
    samba-common-libs-4.4.4-13.35.amzn1.x86_64  
    samba-winbind-4.4.4-13.35.amzn1.x86_64  
    samba-test-libs-4.4.4-13.35.amzn1.x86_64