(RHSA-2022:1756) Moderate: samba security, bug fix and enhancement update

2022-05-1004:11:43

access.redhat.com

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

54.6%

JSON

Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.

Security Fix(es):

samba: Symlink race error can allow metadata read and modify outside of the exported share (CVE-2021-20316)
samba: Information leak via symlinks of existance of files or directories outside of the exported share (CVE-2021-44141)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Users of samba with Red Hat Gluster Storage are advised to upgrade to these updated packages.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64samba-common-tools< 4.15.5-100.el8rhgssamba-common-tools-4.15.5-100.el8rhgs.x86_64.rpm
RedHat8x86_64python3-tevent< 0.11.0-1.el8rhgspython3-tevent-0.11.0-1.el8rhgs.x86_64.rpm
RedHat8x86_64samba-common-tools-debuginfo< 4.15.5-100.el8rhgssamba-common-tools-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
RedHat8x86_64python3-samba< 4.15.5-100.el8rhgspython3-samba-4.15.5-100.el8rhgs.x86_64.rpm
RedHat8x86_64samba-winbind-clients-debuginfo< 4.15.5-100.el8rhgssamba-winbind-clients-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
RedHat8x86_64libsmbclient< 4.15.5-100.el8rhgslibsmbclient-4.15.5-100.el8rhgs.x86_64.rpm
RedHat8x86_64samba-client-debuginfo< 4.15.5-100.el8rhgssamba-client-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
RedHat8x86_64samba-winbind-modules< 4.15.5-100.el8rhgssamba-winbind-modules-4.15.5-100.el8rhgs.x86_64.rpm
RedHat8x86_64samba-client-libs< 4.15.5-100.el8rhgssamba-client-libs-4.15.5-100.el8rhgs.x86_64.rpm
RedHat8x86_64libtdb< 1.4.4-2.el8rhgslibtdb-1.4.4-2.el8rhgs.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	samba-common-tools	< 4.15.5-100.el8rhgs	samba-common-tools-4.15.5-100.el8rhgs.x86_64.rpm
RedHat	8	x86_64	python3-tevent	< 0.11.0-1.el8rhgs	python3-tevent-0.11.0-1.el8rhgs.x86_64.rpm
RedHat	8	x86_64	samba-common-tools-debuginfo	< 4.15.5-100.el8rhgs	samba-common-tools-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
RedHat	8	x86_64	python3-samba	< 4.15.5-100.el8rhgs	python3-samba-4.15.5-100.el8rhgs.x86_64.rpm
RedHat	8	x86_64	samba-winbind-clients-debuginfo	< 4.15.5-100.el8rhgs	samba-winbind-clients-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
RedHat	8	x86_64	libsmbclient	< 4.15.5-100.el8rhgs	libsmbclient-4.15.5-100.el8rhgs.x86_64.rpm
RedHat	8	x86_64	samba-client-debuginfo	< 4.15.5-100.el8rhgs	samba-client-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
RedHat	8	x86_64	samba-winbind-modules	< 4.15.5-100.el8rhgs	samba-winbind-modules-4.15.5-100.el8rhgs.x86_64.rpm
RedHat	8	x86_64	samba-client-libs	< 4.15.5-100.el8rhgs	samba-client-libs-4.15.5-100.el8rhgs.x86_64.rpm
RedHat	8	x86_64	libtdb	< 1.4.4-2.el8rhgs	libtdb-1.4.4-2.el8rhgs.x86_64.rpm