Important: samba

Issue Overview:

A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw to
execute arbitrary code as root. (CVE-2017-7494)

It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)

A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619)

Affected Packages:

samba

Issue Correction:
Run yum update samba to update your system.

New Packages:

i686:  
    samba-test-libs-4.4.4-13.35.amzn1.i686  
    ctdb-4.4.4-13.35.amzn1.i686  
    samba-krb5-printing-4.4.4-13.35.amzn1.i686  
    samba-winbind-4.4.4-13.35.amzn1.i686  
    libsmbclient-4.4.4-13.35.amzn1.i686  
    samba-winbind-clients-4.4.4-13.35.amzn1.i686  
    samba-test-4.4.4-13.35.amzn1.i686  
    samba-4.4.4-13.35.amzn1.i686  
    samba-winbind-krb5-locator-4.4.4-13.35.amzn1.i686  
    libsmbclient-devel-4.4.4-13.35.amzn1.i686  
    samba-winbind-modules-4.4.4-13.35.amzn1.i686  
    samba-python-4.4.4-13.35.amzn1.i686  
    samba-client-4.4.4-13.35.amzn1.i686  
    samba-common-libs-4.4.4-13.35.amzn1.i686  
    samba-libs-4.4.4-13.35.amzn1.i686  
    samba-common-tools-4.4.4-13.35.amzn1.i686  
    libwbclient-devel-4.4.4-13.35.amzn1.i686  
    ctdb-tests-4.4.4-13.35.amzn1.i686  
    samba-debuginfo-4.4.4-13.35.amzn1.i686  
    libwbclient-4.4.4-13.35.amzn1.i686  
    samba-devel-4.4.4-13.35.amzn1.i686  
    samba-client-libs-4.4.4-13.35.amzn1.i686  
  
noarch:  
    samba-common-4.4.4-13.35.amzn1.noarch  
    samba-pidl-4.4.4-13.35.amzn1.noarch  
  
src:  
    samba-4.4.4-13.35.amzn1.src  
  
x86_64:  
    samba-python-4.4.4-13.35.amzn1.x86_64  
    libwbclient-devel-4.4.4-13.35.amzn1.x86_64  
    samba-debuginfo-4.4.4-13.35.amzn1.x86_64  
    ctdb-4.4.4-13.35.amzn1.x86_64  
    ctdb-tests-4.4.4-13.35.amzn1.x86_64  
    samba-client-4.4.4-13.35.amzn1.x86_64  
    libwbclient-4.4.4-13.35.amzn1.x86_64  
    samba-winbind-modules-4.4.4-13.35.amzn1.x86_64  
    samba-test-4.4.4-13.35.amzn1.x86_64  
    samba-winbind-clients-4.4.4-13.35.amzn1.x86_64  
    libsmbclient-devel-4.4.4-13.35.amzn1.x86_64  
    libsmbclient-4.4.4-13.35.amzn1.x86_64  
    samba-krb5-printing-4.4.4-13.35.amzn1.x86_64  
    samba-client-libs-4.4.4-13.35.amzn1.x86_64  
    samba-common-tools-4.4.4-13.35.amzn1.x86_64  
    samba-winbind-krb5-locator-4.4.4-13.35.amzn1.x86_64  
    samba-libs-4.4.4-13.35.amzn1.x86_64  
    samba-4.4.4-13.35.amzn1.x86_64  
    samba-devel-4.4.4-13.35.amzn1.x86_64  
    samba-common-libs-4.4.4-13.35.amzn1.x86_64  
    samba-winbind-4.4.4-13.35.amzn1.x86_64  
    samba-test-libs-4.4.4-13.35.amzn1.x86_64  

Additional References

Red Hat: CVE-2016-2125, CVE-2016-2126, CVE-2017-2619, CVE-2017-7494

Mitre: CVE-2016-2125, CVE-2016-2126, CVE-2017-2619, CVE-2017-7494