CentOS ProjectCESA-2017:1950ctdb, libsmbclient, libwbclient, samba security update
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.009 Low
EPSS
Percentile
82.1%
CentOS Errata and Security Advisory CESA-2017:1950
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954)
Security Fix(es):
- A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030802.html
Affected packages:
ctdb
ctdb-tests
libsmbclient
libsmbclient-devel
libwbclient
libwbclient-devel
samba
samba-client
samba-client-libs
samba-common
samba-common-libs
samba-common-tools
samba-dc
samba-dc-libs
samba-devel
samba-krb5-printing
samba-libs
samba-pidl
samba-python
samba-test
samba-test-libs
samba-vfs-glusterfs
samba-winbind
samba-winbind-clients
samba-winbind-krb5-locator
samba-winbind-modules
Upstream details at:
https://access.redhat.com/errata/RHSA-2017:1950
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 7 | x86_64 | ctdb | < 4.6.2-8.el7 | ctdb-4.6.2-8.el7.x86_64.rpm |
| CentOS | 7 | x86_64 | ctdb-tests | < 4.6.2-8.el7 | ctdb-tests-4.6.2-8.el7.x86_64.rpm |
| CentOS | 7 | i686 | libsmbclient | < 4.6.2-8.el7 | libsmbclient-4.6.2-8.el7.i686.rpm |
| CentOS | 7 | x86_64 | libsmbclient | < 4.6.2-8.el7 | libsmbclient-4.6.2-8.el7.x86_64.rpm |
| CentOS | 7 | i686 | libsmbclient-devel | < 4.6.2-8.el7 | libsmbclient-devel-4.6.2-8.el7.i686.rpm |
| CentOS | 7 | x86_64 | libsmbclient-devel | < 4.6.2-8.el7 | libsmbclient-devel-4.6.2-8.el7.x86_64.rpm |
| CentOS | 7 | i686 | libwbclient | < 4.6.2-8.el7 | libwbclient-4.6.2-8.el7.i686.rpm |
| CentOS | 7 | x86_64 | libwbclient | < 4.6.2-8.el7 | libwbclient-4.6.2-8.el7.x86_64.rpm |
| CentOS | 7 | i686 | libwbclient-devel | < 4.6.2-8.el7 | libwbclient-devel-4.6.2-8.el7.i686.rpm |
| CentOS | 7 | x86_64 | libwbclient-devel | < 4.6.2-8.el7 | libwbclient-devel-4.6.2-8.el7.x86_64.rpm |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.009 Low
EPSS
Percentile
82.1%