Lucene search

K
centosCentOS ProjectCESA-2022:0328
HistoryFeb 01, 2022 - 6:03 p.m.

ctdb, libsmbclient, libwbclient, samba security update

2022-02-0118:03:11
CentOS Project
lists.centos.org
507

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.0%

CentOS Errata and Security Advisory CESA-2022:0328

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

  • samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Fix CVE-2020-25717 username map [script] advice (BZ#2034800)

  • Fix Kerberos authentication on standalone server with MIT realm (BZ#2036595)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2022-February/086241.html

Affected packages:
ctdb
ctdb-tests
libsmbclient
libsmbclient-devel
libwbclient
libwbclient-devel
samba
samba-client
samba-client-libs
samba-common
samba-common-libs
samba-common-tools
samba-dc
samba-dc-libs
samba-devel
samba-krb5-printing
samba-libs
samba-pidl
samba-python
samba-python-test
samba-test
samba-test-libs
samba-vfs-glusterfs
samba-winbind
samba-winbind-clients
samba-winbind-krb5-locator
samba-winbind-modules

Upstream details at:
https://access.redhat.com/errata/RHSA-2022:0328

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.0%