Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2399.2 Moderate: samba security, bug fix, and enhancement update 22 September 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: samba samba4 Publisher: Red Hat Operating System: Red Hat Enterprise Linux WS/Desktop 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 7 Impact/Access: Access Privileged Data -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-12163 CVE-2017-12151 CVE-2017-12150 CVE-2017-9461 CVE-2017-2619 Reference: ESB-2017.1904 ESB-2017.2398 Original Bulletin: https://access.redhat.com/errata/RHSA-2017:2778 https://access.redhat.com/errata/RHSA-2017:2789 https://access.redhat.com/errata/RHSA-2017:2790 https://access.redhat.com/errata/RHSA-2017:2791 Comment: This bulletin contains four (4) Red Hat security advisories. Revision History: September 22 2017: Corrected Product tag. September 22 2017: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: samba security, bug fix, and enhancement update Advisory ID: RHSA-2017:2778-01 Product: Red Hat Gluster Storage Advisory URL: https://access.redhat.com/errata/RHSA-2017:2778 Issue date: 2017-09-21 CVE Names: CVE-2017-2619 CVE-2017-9461 ===================================================================== 1. Summary: An update for samba is now available for Red Hat Gluster Storage 3.3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Gluster 3.3 Samba on RHEL-6 - noarch, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619. Bug Fix(es): * In the samba configuration, by default the 'posix locking' is enabled and 'stat cache' is disabled. Enabling 'posix locking' sends the file lock request to the bricks too, and disabling 'stat cache' blocks samba to cache certain information at the samba layer. This led to decrease in performance of SMB access of Red Hat Gluster Storage volumes As a fix, the following two options are included in the samba configuration file: posix locking = No stat cache = Yes Due to this, a slight improvement in the performance is observed. (BZ#1436265) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the smb service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1334397 - Samba [RHEL6] : Upon smbd crash the log displays core dump path as /var/log/samba/cores/smbd but in actual the core is dumped in /var/log/cores 1426663 - [RHEL6] Samba: Yum update for Samba will fail due to higher versions in RHEL 6 1429472 - CVE-2017-2619 samba: symlink race permits opening files outside share directory 1436265 - Smb.conf options for performance improvements [RHEL6] 1444028 - [SAMBA-RHEL6]Unable to start smbd in RHEL6 as /run/smbd.pid does not exist 1459464 - CVE-2017-9461 samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks 6. Package List: Red Hat Gluster 3.3 Samba on RHEL-6: Source: libldb-1.1.29-1.el6rhs.src.rpm libtalloc-2.1.9-1.el6rhs.src.rpm libtdb-1.3.12-1.1.el6rhs.src.rpm libtevent-0.9.31-1.el6rhs.src.rpm samba-4.6.3-5.el6rhs.src.rpm noarch: samba-common-4.6.3-5.el6rhs.noarch.rpm samba-pidl-4.6.3-5.el6rhs.noarch.rpm x86_64: ctdb-4.6.3-5.el6rhs.x86_64.rpm ctdb-tests-4.6.3-5.el6rhs.x86_64.rpm ldb-tools-1.1.29-1.el6rhs.x86_64.rpm libldb-1.1.29-1.el6rhs.x86_64.rpm libldb-debuginfo-1.1.29-1.el6rhs.x86_64.rpm libldb-devel-1.1.29-1.el6rhs.x86_64.rpm libsmbclient-4.6.3-5.el6rhs.x86_64.rpm libsmbclient-devel-4.6.3-5.el6rhs.x86_64.rpm libtalloc-2.1.9-1.el6rhs.x86_64.rpm libtalloc-debuginfo-2.1.9-1.el6rhs.x86_64.rpm libtalloc-devel-2.1.9-1.el6rhs.x86_64.rpm libtdb-1.3.12-1.1.el6rhs.x86_64.rpm libtdb-debuginfo-1.3.12-1.1.el6rhs.x86_64.rpm libtdb-devel-1.3.12-1.1.el6rhs.x86_64.rpm libtevent-0.9.31-1.el6rhs.x86_64.rpm libtevent-debuginfo-0.9.31-1.el6rhs.x86_64.rpm libtevent-devel-0.9.31-1.el6rhs.x86_64.rpm libwbclient-4.6.3-5.el6rhs.x86_64.rpm libwbclient-devel-4.6.3-5.el6rhs.x86_64.rpm pyldb-1.1.29-1.el6rhs.x86_64.rpm pyldb-devel-1.1.29-1.el6rhs.x86_64.rpm pytalloc-2.1.9-1.el6rhs.x86_64.rpm pytalloc-devel-2.1.9-1.el6rhs.x86_64.rpm python-tdb-1.3.12-1.1.el6rhs.x86_64.rpm python-tevent-0.9.31-1.el6rhs.x86_64.rpm samba-4.6.3-5.el6rhs.x86_64.rpm samba-client-4.6.3-5.el6rhs.x86_64.rpm samba-client-libs-4.6.3-5.el6rhs.x86_64.rpm samba-common-libs-4.6.3-5.el6rhs.x86_64.rpm samba-common-tools-4.6.3-5.el6rhs.x86_64.rpm samba-dc-4.6.3-5.el6rhs.x86_64.rpm samba-dc-libs-4.6.3-5.el6rhs.x86_64.rpm samba-debuginfo-4.6.3-5.el6rhs.x86_64.rpm samba-devel-4.6.3-5.el6rhs.x86_64.rpm samba-krb5-printing-4.6.3-5.el6rhs.x86_64.rpm samba-libs-4.6.3-5.el6rhs.x86_64.rpm samba-python-4.6.3-5.el6rhs.x86_64.rpm samba-test-4.6.3-5.el6rhs.x86_64.rpm samba-test-libs-4.6.3-5.el6rhs.x86_64.rpm samba-vfs-glusterfs-4.6.3-5.el6rhs.x86_64.rpm samba-winbind-4.6.3-5.el6rhs.x86_64.rpm samba-winbind-clients-4.6.3-5.el6rhs.x86_64.rpm samba-winbind-krb5-locator-4.6.3-5.el6rhs.x86_64.rpm samba-winbind-modules-4.6.3-5.el6rhs.x86_64.rpm tdb-tools-1.3.12-1.1.el6rhs.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-2619 https://access.redhat.com/security/cve/CVE-2017-9461 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZw0QPXlSAg2UNWIIRAr5wAJ4phoib6er4/mBNHnDXhtlb8FPmaACgvxe3 VOZzdVEnK72kEtUqqWQ4O2I= =LGa8 - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: samba security update Advisory ID: RHSA-2017:2789-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2789 Issue date: 2017-09-21 CVE Names: CVE-2017-12150 CVE-2017-12163 CVE-2017-2619 ===================================================================== 1. Summary: An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163) Red Hat would like to thank the Samba project for reporting CVE-2017-2619 and CVE-2017-12150 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the smb service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1429472 - CVE-2017-2619 samba: symlink race permits opening files outside share directory 1488400 - CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should 1491206 - CVE-2017-12163 Samba: Server memory information leak over SMB1 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: samba-3.6.23-45.el6_9.src.rpm i386: libsmbclient-3.6.23-45.el6_9.i686.rpm samba-client-3.6.23-45.el6_9.i686.rpm samba-common-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-winbind-3.6.23-45.el6_9.i686.rpm samba-winbind-clients-3.6.23-45.el6_9.i686.rpm x86_64: libsmbclient-3.6.23-45.el6_9.i686.rpm libsmbclient-3.6.23-45.el6_9.x86_64.rpm samba-client-3.6.23-45.el6_9.x86_64.rpm samba-common-3.6.23-45.el6_9.i686.rpm samba-common-3.6.23-45.el6_9.x86_64.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.x86_64.rpm samba-winbind-3.6.23-45.el6_9.x86_64.rpm samba-winbind-clients-3.6.23-45.el6_9.i686.rpm samba-winbind-clients-3.6.23-45.el6_9.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libsmbclient-devel-3.6.23-45.el6_9.i686.rpm samba-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-doc-3.6.23-45.el6_9.i686.rpm samba-domainjoin-gui-3.6.23-45.el6_9.i686.rpm samba-swat-3.6.23-45.el6_9.i686.rpm samba-winbind-devel-3.6.23-45.el6_9.i686.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.i686.rpm x86_64: libsmbclient-devel-3.6.23-45.el6_9.i686.rpm libsmbclient-devel-3.6.23-45.el6_9.x86_64.rpm samba-3.6.23-45.el6_9.x86_64.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.x86_64.rpm samba-doc-3.6.23-45.el6_9.x86_64.rpm samba-domainjoin-gui-3.6.23-45.el6_9.x86_64.rpm samba-glusterfs-3.6.23-45.el6_9.x86_64.rpm samba-swat-3.6.23-45.el6_9.x86_64.rpm samba-winbind-devel-3.6.23-45.el6_9.i686.rpm samba-winbind-devel-3.6.23-45.el6_9.x86_64.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: samba-3.6.23-45.el6_9.src.rpm x86_64: samba-client-3.6.23-45.el6_9.x86_64.rpm samba-common-3.6.23-45.el6_9.i686.rpm samba-common-3.6.23-45.el6_9.x86_64.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.x86_64.rpm samba-winbind-3.6.23-45.el6_9.x86_64.rpm samba-winbind-clients-3.6.23-45.el6_9.i686.rpm samba-winbind-clients-3.6.23-45.el6_9.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libsmbclient-3.6.23-45.el6_9.i686.rpm libsmbclient-3.6.23-45.el6_9.x86_64.rpm libsmbclient-devel-3.6.23-45.el6_9.i686.rpm libsmbclient-devel-3.6.23-45.el6_9.x86_64.rpm samba-3.6.23-45.el6_9.x86_64.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.x86_64.rpm samba-doc-3.6.23-45.el6_9.x86_64.rpm samba-domainjoin-gui-3.6.23-45.el6_9.x86_64.rpm samba-glusterfs-3.6.23-45.el6_9.x86_64.rpm samba-swat-3.6.23-45.el6_9.x86_64.rpm samba-winbind-devel-3.6.23-45.el6_9.i686.rpm samba-winbind-devel-3.6.23-45.el6_9.x86_64.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: samba-3.6.23-45.el6_9.src.rpm i386: libsmbclient-3.6.23-45.el6_9.i686.rpm samba-3.6.23-45.el6_9.i686.rpm samba-client-3.6.23-45.el6_9.i686.rpm samba-common-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-winbind-3.6.23-45.el6_9.i686.rpm samba-winbind-clients-3.6.23-45.el6_9.i686.rpm ppc64: libsmbclient-3.6.23-45.el6_9.ppc.rpm libsmbclient-3.6.23-45.el6_9.ppc64.rpm samba-3.6.23-45.el6_9.ppc64.rpm samba-client-3.6.23-45.el6_9.ppc64.rpm samba-common-3.6.23-45.el6_9.ppc.rpm samba-common-3.6.23-45.el6_9.ppc64.rpm samba-debuginfo-3.6.23-45.el6_9.ppc.rpm samba-debuginfo-3.6.23-45.el6_9.ppc64.rpm samba-winbind-3.6.23-45.el6_9.ppc64.rpm samba-winbind-clients-3.6.23-45.el6_9.ppc.rpm samba-winbind-clients-3.6.23-45.el6_9.ppc64.rpm s390x: libsmbclient-3.6.23-45.el6_9.s390.rpm libsmbclient-3.6.23-45.el6_9.s390x.rpm samba-3.6.23-45.el6_9.s390x.rpm samba-client-3.6.23-45.el6_9.s390x.rpm samba-common-3.6.23-45.el6_9.s390.rpm samba-common-3.6.23-45.el6_9.s390x.rpm samba-debuginfo-3.6.23-45.el6_9.s390.rpm samba-debuginfo-3.6.23-45.el6_9.s390x.rpm samba-winbind-3.6.23-45.el6_9.s390x.rpm samba-winbind-clients-3.6.23-45.el6_9.s390.rpm samba-winbind-clients-3.6.23-45.el6_9.s390x.rpm x86_64: libsmbclient-3.6.23-45.el6_9.i686.rpm libsmbclient-3.6.23-45.el6_9.x86_64.rpm samba-3.6.23-45.el6_9.x86_64.rpm samba-client-3.6.23-45.el6_9.x86_64.rpm samba-common-3.6.23-45.el6_9.i686.rpm samba-common-3.6.23-45.el6_9.x86_64.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.x86_64.rpm samba-winbind-3.6.23-45.el6_9.x86_64.rpm samba-winbind-clients-3.6.23-45.el6_9.i686.rpm samba-winbind-clients-3.6.23-45.el6_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: libsmbclient-devel-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-doc-3.6.23-45.el6_9.i686.rpm samba-domainjoin-gui-3.6.23-45.el6_9.i686.rpm samba-swat-3.6.23-45.el6_9.i686.rpm samba-winbind-devel-3.6.23-45.el6_9.i686.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.i686.rpm ppc64: libsmbclient-devel-3.6.23-45.el6_9.ppc.rpm libsmbclient-devel-3.6.23-45.el6_9.ppc64.rpm samba-debuginfo-3.6.23-45.el6_9.ppc.rpm samba-debuginfo-3.6.23-45.el6_9.ppc64.rpm samba-doc-3.6.23-45.el6_9.ppc64.rpm samba-domainjoin-gui-3.6.23-45.el6_9.ppc64.rpm samba-swat-3.6.23-45.el6_9.ppc64.rpm samba-winbind-devel-3.6.23-45.el6_9.ppc.rpm samba-winbind-devel-3.6.23-45.el6_9.ppc64.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.ppc64.rpm s390x: libsmbclient-devel-3.6.23-45.el6_9.s390.rpm libsmbclient-devel-3.6.23-45.el6_9.s390x.rpm samba-debuginfo-3.6.23-45.el6_9.s390.rpm samba-debuginfo-3.6.23-45.el6_9.s390x.rpm samba-doc-3.6.23-45.el6_9.s390x.rpm samba-domainjoin-gui-3.6.23-45.el6_9.s390x.rpm samba-swat-3.6.23-45.el6_9.s390x.rpm samba-winbind-devel-3.6.23-45.el6_9.s390.rpm samba-winbind-devel-3.6.23-45.el6_9.s390x.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.s390x.rpm x86_64: libsmbclient-devel-3.6.23-45.el6_9.i686.rpm libsmbclient-devel-3.6.23-45.el6_9.x86_64.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.x86_64.rpm samba-doc-3.6.23-45.el6_9.x86_64.rpm samba-domainjoin-gui-3.6.23-45.el6_9.x86_64.rpm samba-glusterfs-3.6.23-45.el6_9.x86_64.rpm samba-swat-3.6.23-45.el6_9.x86_64.rpm samba-winbind-devel-3.6.23-45.el6_9.i686.rpm samba-winbind-devel-3.6.23-45.el6_9.x86_64.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: samba-3.6.23-45.el6_9.src.rpm i386: libsmbclient-3.6.23-45.el6_9.i686.rpm samba-3.6.23-45.el6_9.i686.rpm samba-client-3.6.23-45.el6_9.i686.rpm samba-common-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-winbind-3.6.23-45.el6_9.i686.rpm samba-winbind-clients-3.6.23-45.el6_9.i686.rpm x86_64: libsmbclient-3.6.23-45.el6_9.i686.rpm libsmbclient-3.6.23-45.el6_9.x86_64.rpm samba-3.6.23-45.el6_9.x86_64.rpm samba-client-3.6.23-45.el6_9.x86_64.rpm samba-common-3.6.23-45.el6_9.i686.rpm samba-common-3.6.23-45.el6_9.x86_64.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.x86_64.rpm samba-winbind-3.6.23-45.el6_9.x86_64.rpm samba-winbind-clients-3.6.23-45.el6_9.i686.rpm samba-winbind-clients-3.6.23-45.el6_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libsmbclient-devel-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-doc-3.6.23-45.el6_9.i686.rpm samba-domainjoin-gui-3.6.23-45.el6_9.i686.rpm samba-swat-3.6.23-45.el6_9.i686.rpm samba-winbind-devel-3.6.23-45.el6_9.i686.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.i686.rpm x86_64: libsmbclient-devel-3.6.23-45.el6_9.i686.rpm libsmbclient-devel-3.6.23-45.el6_9.x86_64.rpm samba-debuginfo-3.6.23-45.el6_9.i686.rpm samba-debuginfo-3.6.23-45.el6_9.x86_64.rpm samba-doc-3.6.23-45.el6_9.x86_64.rpm samba-domainjoin-gui-3.6.23-45.el6_9.x86_64.rpm samba-glusterfs-3.6.23-45.el6_9.x86_64.rpm samba-swat-3.6.23-45.el6_9.x86_64.rpm samba-winbind-devel-3.6.23-45.el6_9.i686.rpm samba-winbind-devel-3.6.23-45.el6_9.x86_64.rpm samba-winbind-krb5-locator-3.6.23-45.el6_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-12150 https://access.redhat.com/security/cve/CVE-2017-12163 https://access.redhat.com/security/cve/CVE-2017-2619 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZw8peXlSAg2UNWIIRAkMyAKCOrxu9yeDTBhC6VFvZ3y3tj5xkswCfaBzw kC/JuA11JmVZt3SJSNpB1pE= =cbPQ - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: samba security update Advisory ID: RHSA-2017:2790-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2790 Issue date: 2017-09-21 CVE Names: CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 ===================================================================== 1. Summary: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) * A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. (CVE-2017-12151) * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163) Red Hat would like to thank the Samba project for reporting CVE-2017-12150 and CVE-2017-12151 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150 and CVE-2017-12151. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the smb service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1488197 - CVE-2017-12151 samba: SMB2 connections don't keep encryption across DFS redirects 1488400 - CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should 1491206 - CVE-2017-12163 Samba: Server memory information leak over SMB1 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: samba-4.6.2-11.el7_4.src.rpm noarch: samba-common-4.6.2-11.el7_4.noarch.rpm x86_64: libsmbclient-4.6.2-11.el7_4.i686.rpm libsmbclient-4.6.2-11.el7_4.x86_64.rpm libwbclient-4.6.2-11.el7_4.i686.rpm libwbclient-4.6.2-11.el7_4.x86_64.rpm samba-client-4.6.2-11.el7_4.x86_64.rpm samba-client-libs-4.6.2-11.el7_4.i686.rpm samba-client-libs-4.6.2-11.el7_4.x86_64.rpm samba-common-libs-4.6.2-11.el7_4.x86_64.rpm samba-common-tools-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.i686.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm samba-krb5-printing-4.6.2-11.el7_4.x86_64.rpm samba-libs-4.6.2-11.el7_4.i686.rpm samba-libs-4.6.2-11.el7_4.x86_64.rpm samba-winbind-4.6.2-11.el7_4.x86_64.rpm samba-winbind-clients-4.6.2-11.el7_4.x86_64.rpm samba-winbind-modules-4.6.2-11.el7_4.i686.rpm samba-winbind-modules-4.6.2-11.el7_4.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: samba-pidl-4.6.2-11.el7_4.noarch.rpm x86_64: libsmbclient-devel-4.6.2-11.el7_4.i686.rpm libsmbclient-devel-4.6.2-11.el7_4.x86_64.rpm libwbclient-devel-4.6.2-11.el7_4.i686.rpm libwbclient-devel-4.6.2-11.el7_4.x86_64.rpm samba-4.6.2-11.el7_4.x86_64.rpm samba-dc-4.6.2-11.el7_4.x86_64.rpm samba-dc-libs-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.i686.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm samba-devel-4.6.2-11.el7_4.i686.rpm samba-devel-4.6.2-11.el7_4.x86_64.rpm samba-python-4.6.2-11.el7_4.x86_64.rpm samba-test-4.6.2-11.el7_4.x86_64.rpm samba-test-libs-4.6.2-11.el7_4.i686.rpm samba-test-libs-4.6.2-11.el7_4.x86_64.rpm samba-vfs-glusterfs-4.6.2-11.el7_4.x86_64.rpm samba-winbind-krb5-locator-4.6.2-11.el7_4.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: samba-4.6.2-11.el7_4.src.rpm noarch: samba-common-4.6.2-11.el7_4.noarch.rpm x86_64: libsmbclient-4.6.2-11.el7_4.i686.rpm libsmbclient-4.6.2-11.el7_4.x86_64.rpm libwbclient-4.6.2-11.el7_4.i686.rpm libwbclient-4.6.2-11.el7_4.x86_64.rpm samba-client-4.6.2-11.el7_4.x86_64.rpm samba-client-libs-4.6.2-11.el7_4.i686.rpm samba-client-libs-4.6.2-11.el7_4.x86_64.rpm samba-common-libs-4.6.2-11.el7_4.x86_64.rpm samba-common-tools-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.i686.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm samba-libs-4.6.2-11.el7_4.i686.rpm samba-libs-4.6.2-11.el7_4.x86_64.rpm samba-winbind-4.6.2-11.el7_4.x86_64.rpm samba-winbind-clients-4.6.2-11.el7_4.x86_64.rpm samba-winbind-modules-4.6.2-11.el7_4.i686.rpm samba-winbind-modules-4.6.2-11.el7_4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: samba-pidl-4.6.2-11.el7_4.noarch.rpm x86_64: libsmbclient-devel-4.6.2-11.el7_4.i686.rpm libsmbclient-devel-4.6.2-11.el7_4.x86_64.rpm libwbclient-devel-4.6.2-11.el7_4.i686.rpm libwbclient-devel-4.6.2-11.el7_4.x86_64.rpm samba-4.6.2-11.el7_4.x86_64.rpm samba-dc-4.6.2-11.el7_4.x86_64.rpm samba-dc-libs-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.i686.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm samba-devel-4.6.2-11.el7_4.i686.rpm samba-devel-4.6.2-11.el7_4.x86_64.rpm samba-krb5-printing-4.6.2-11.el7_4.x86_64.rpm samba-python-4.6.2-11.el7_4.x86_64.rpm samba-test-4.6.2-11.el7_4.x86_64.rpm samba-test-libs-4.6.2-11.el7_4.i686.rpm samba-test-libs-4.6.2-11.el7_4.x86_64.rpm samba-vfs-glusterfs-4.6.2-11.el7_4.x86_64.rpm samba-winbind-krb5-locator-4.6.2-11.el7_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: samba-4.6.2-11.el7_4.src.rpm aarch64: libsmbclient-4.6.2-11.el7_4.aarch64.rpm libwbclient-4.6.2-11.el7_4.aarch64.rpm samba-4.6.2-11.el7_4.aarch64.rpm samba-client-4.6.2-11.el7_4.aarch64.rpm samba-client-libs-4.6.2-11.el7_4.aarch64.rpm samba-common-libs-4.6.2-11.el7_4.aarch64.rpm samba-common-tools-4.6.2-11.el7_4.aarch64.rpm samba-debuginfo-4.6.2-11.el7_4.aarch64.rpm samba-krb5-printing-4.6.2-11.el7_4.aarch64.rpm samba-libs-4.6.2-11.el7_4.aarch64.rpm samba-python-4.6.2-11.el7_4.aarch64.rpm samba-winbind-4.6.2-11.el7_4.aarch64.rpm samba-winbind-clients-4.6.2-11.el7_4.aarch64.rpm samba-winbind-modules-4.6.2-11.el7_4.aarch64.rpm noarch: samba-common-4.6.2-11.el7_4.noarch.rpm ppc64: libsmbclient-4.6.2-11.el7_4.ppc.rpm libsmbclient-4.6.2-11.el7_4.ppc64.rpm libwbclient-4.6.2-11.el7_4.ppc.rpm libwbclient-4.6.2-11.el7_4.ppc64.rpm samba-4.6.2-11.el7_4.ppc64.rpm samba-client-4.6.2-11.el7_4.ppc64.rpm samba-client-libs-4.6.2-11.el7_4.ppc.rpm samba-client-libs-4.6.2-11.el7_4.ppc64.rpm samba-common-libs-4.6.2-11.el7_4.ppc64.rpm samba-common-tools-4.6.2-11.el7_4.ppc64.rpm samba-debuginfo-4.6.2-11.el7_4.ppc.rpm samba-debuginfo-4.6.2-11.el7_4.ppc64.rpm samba-krb5-printing-4.6.2-11.el7_4.ppc64.rpm samba-libs-4.6.2-11.el7_4.ppc.rpm samba-libs-4.6.2-11.el7_4.ppc64.rpm samba-winbind-4.6.2-11.el7_4.ppc64.rpm samba-winbind-clients-4.6.2-11.el7_4.ppc64.rpm samba-winbind-modules-4.6.2-11.el7_4.ppc.rpm samba-winbind-modules-4.6.2-11.el7_4.ppc64.rpm ppc64le: libsmbclient-4.6.2-11.el7_4.ppc64le.rpm libwbclient-4.6.2-11.el7_4.ppc64le.rpm samba-4.6.2-11.el7_4.ppc64le.rpm samba-client-4.6.2-11.el7_4.ppc64le.rpm samba-client-libs-4.6.2-11.el7_4.ppc64le.rpm samba-common-libs-4.6.2-11.el7_4.ppc64le.rpm samba-common-tools-4.6.2-11.el7_4.ppc64le.rpm samba-debuginfo-4.6.2-11.el7_4.ppc64le.rpm samba-krb5-printing-4.6.2-11.el7_4.ppc64le.rpm samba-libs-4.6.2-11.el7_4.ppc64le.rpm samba-winbind-4.6.2-11.el7_4.ppc64le.rpm samba-winbind-clients-4.6.2-11.el7_4.ppc64le.rpm samba-winbind-modules-4.6.2-11.el7_4.ppc64le.rpm s390x: libsmbclient-4.6.2-11.el7_4.s390.rpm libsmbclient-4.6.2-11.el7_4.s390x.rpm libwbclient-4.6.2-11.el7_4.s390.rpm libwbclient-4.6.2-11.el7_4.s390x.rpm samba-4.6.2-11.el7_4.s390x.rpm samba-client-4.6.2-11.el7_4.s390x.rpm samba-client-libs-4.6.2-11.el7_4.s390.rpm samba-client-libs-4.6.2-11.el7_4.s390x.rpm samba-common-libs-4.6.2-11.el7_4.s390x.rpm samba-common-tools-4.6.2-11.el7_4.s390x.rpm samba-debuginfo-4.6.2-11.el7_4.s390.rpm samba-debuginfo-4.6.2-11.el7_4.s390x.rpm samba-krb5-printing-4.6.2-11.el7_4.s390x.rpm samba-libs-4.6.2-11.el7_4.s390.rpm samba-libs-4.6.2-11.el7_4.s390x.rpm samba-winbind-4.6.2-11.el7_4.s390x.rpm samba-winbind-clients-4.6.2-11.el7_4.s390x.rpm samba-winbind-modules-4.6.2-11.el7_4.s390.rpm samba-winbind-modules-4.6.2-11.el7_4.s390x.rpm x86_64: libsmbclient-4.6.2-11.el7_4.i686.rpm libsmbclient-4.6.2-11.el7_4.x86_64.rpm libwbclient-4.6.2-11.el7_4.i686.rpm libwbclient-4.6.2-11.el7_4.x86_64.rpm samba-4.6.2-11.el7_4.x86_64.rpm samba-client-4.6.2-11.el7_4.x86_64.rpm samba-client-libs-4.6.2-11.el7_4.i686.rpm samba-client-libs-4.6.2-11.el7_4.x86_64.rpm samba-common-libs-4.6.2-11.el7_4.x86_64.rpm samba-common-tools-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.i686.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm samba-krb5-printing-4.6.2-11.el7_4.x86_64.rpm samba-libs-4.6.2-11.el7_4.i686.rpm samba-libs-4.6.2-11.el7_4.x86_64.rpm samba-python-4.6.2-11.el7_4.x86_64.rpm samba-winbind-4.6.2-11.el7_4.x86_64.rpm samba-winbind-clients-4.6.2-11.el7_4.x86_64.rpm samba-winbind-modules-4.6.2-11.el7_4.i686.rpm samba-winbind-modules-4.6.2-11.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Resilient Storage (v. 7): ppc64le: ctdb-4.6.2-11.el7_4.ppc64le.rpm ctdb-tests-4.6.2-11.el7_4.ppc64le.rpm samba-debuginfo-4.6.2-11.el7_4.ppc64le.rpm s390x: ctdb-4.6.2-11.el7_4.s390x.rpm ctdb-tests-4.6.2-11.el7_4.s390x.rpm samba-debuginfo-4.6.2-11.el7_4.s390x.rpm x86_64: ctdb-4.6.2-11.el7_4.x86_64.rpm ctdb-tests-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: libsmbclient-devel-4.6.2-11.el7_4.aarch64.rpm libwbclient-devel-4.6.2-11.el7_4.aarch64.rpm samba-dc-4.6.2-11.el7_4.aarch64.rpm samba-dc-libs-4.6.2-11.el7_4.aarch64.rpm samba-debuginfo-4.6.2-11.el7_4.aarch64.rpm samba-devel-4.6.2-11.el7_4.aarch64.rpm samba-test-4.6.2-11.el7_4.aarch64.rpm samba-test-libs-4.6.2-11.el7_4.aarch64.rpm samba-winbind-krb5-locator-4.6.2-11.el7_4.aarch64.rpm noarch: samba-pidl-4.6.2-11.el7_4.noarch.rpm ppc64: libsmbclient-devel-4.6.2-11.el7_4.ppc.rpm libsmbclient-devel-4.6.2-11.el7_4.ppc64.rpm libwbclient-devel-4.6.2-11.el7_4.ppc.rpm libwbclient-devel-4.6.2-11.el7_4.ppc64.rpm samba-dc-4.6.2-11.el7_4.ppc64.rpm samba-dc-libs-4.6.2-11.el7_4.ppc64.rpm samba-debuginfo-4.6.2-11.el7_4.ppc.rpm samba-debuginfo-4.6.2-11.el7_4.ppc64.rpm samba-devel-4.6.2-11.el7_4.ppc.rpm samba-devel-4.6.2-11.el7_4.ppc64.rpm samba-python-4.6.2-11.el7_4.ppc64.rpm samba-test-4.6.2-11.el7_4.ppc64.rpm samba-test-libs-4.6.2-11.el7_4.ppc.rpm samba-test-libs-4.6.2-11.el7_4.ppc64.rpm samba-winbind-krb5-locator-4.6.2-11.el7_4.ppc64.rpm ppc64le: libsmbclient-devel-4.6.2-11.el7_4.ppc64le.rpm libwbclient-devel-4.6.2-11.el7_4.ppc64le.rpm samba-dc-4.6.2-11.el7_4.ppc64le.rpm samba-dc-libs-4.6.2-11.el7_4.ppc64le.rpm samba-debuginfo-4.6.2-11.el7_4.ppc64le.rpm samba-devel-4.6.2-11.el7_4.ppc64le.rpm samba-python-4.6.2-11.el7_4.ppc64le.rpm samba-test-4.6.2-11.el7_4.ppc64le.rpm samba-test-libs-4.6.2-11.el7_4.ppc64le.rpm samba-winbind-krb5-locator-4.6.2-11.el7_4.ppc64le.rpm s390x: libsmbclient-devel-4.6.2-11.el7_4.s390.rpm libsmbclient-devel-4.6.2-11.el7_4.s390x.rpm libwbclient-devel-4.6.2-11.el7_4.s390.rpm libwbclient-devel-4.6.2-11.el7_4.s390x.rpm samba-dc-4.6.2-11.el7_4.s390x.rpm samba-dc-libs-4.6.2-11.el7_4.s390x.rpm samba-debuginfo-4.6.2-11.el7_4.s390.rpm samba-debuginfo-4.6.2-11.el7_4.s390x.rpm samba-devel-4.6.2-11.el7_4.s390.rpm samba-devel-4.6.2-11.el7_4.s390x.rpm samba-python-4.6.2-11.el7_4.s390x.rpm samba-test-4.6.2-11.el7_4.s390x.rpm samba-test-libs-4.6.2-11.el7_4.s390.rpm samba-test-libs-4.6.2-11.el7_4.s390x.rpm samba-winbind-krb5-locator-4.6.2-11.el7_4.s390x.rpm x86_64: libsmbclient-devel-4.6.2-11.el7_4.i686.rpm libsmbclient-devel-4.6.2-11.el7_4.x86_64.rpm libwbclient-devel-4.6.2-11.el7_4.i686.rpm libwbclient-devel-4.6.2-11.el7_4.x86_64.rpm samba-dc-4.6.2-11.el7_4.x86_64.rpm samba-dc-libs-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.i686.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm samba-devel-4.6.2-11.el7_4.i686.rpm samba-devel-4.6.2-11.el7_4.x86_64.rpm samba-test-4.6.2-11.el7_4.x86_64.rpm samba-test-libs-4.6.2-11.el7_4.i686.rpm samba-test-libs-4.6.2-11.el7_4.x86_64.rpm samba-vfs-glusterfs-4.6.2-11.el7_4.x86_64.rpm samba-winbind-krb5-locator-4.6.2-11.el7_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: samba-4.6.2-11.el7_4.src.rpm noarch: samba-common-4.6.2-11.el7_4.noarch.rpm x86_64: libsmbclient-4.6.2-11.el7_4.i686.rpm libsmbclient-4.6.2-11.el7_4.x86_64.rpm libwbclient-4.6.2-11.el7_4.i686.rpm libwbclient-4.6.2-11.el7_4.x86_64.rpm samba-4.6.2-11.el7_4.x86_64.rpm samba-client-4.6.2-11.el7_4.x86_64.rpm samba-client-libs-4.6.2-11.el7_4.i686.rpm samba-client-libs-4.6.2-11.el7_4.x86_64.rpm samba-common-libs-4.6.2-11.el7_4.x86_64.rpm samba-common-tools-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.i686.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm samba-krb5-printing-4.6.2-11.el7_4.x86_64.rpm samba-libs-4.6.2-11.el7_4.i686.rpm samba-libs-4.6.2-11.el7_4.x86_64.rpm samba-python-4.6.2-11.el7_4.x86_64.rpm samba-winbind-4.6.2-11.el7_4.x86_64.rpm samba-winbind-clients-4.6.2-11.el7_4.x86_64.rpm samba-winbind-modules-4.6.2-11.el7_4.i686.rpm samba-winbind-modules-4.6.2-11.el7_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: samba-pidl-4.6.2-11.el7_4.noarch.rpm x86_64: libsmbclient-devel-4.6.2-11.el7_4.i686.rpm libsmbclient-devel-4.6.2-11.el7_4.x86_64.rpm libwbclient-devel-4.6.2-11.el7_4.i686.rpm libwbclient-devel-4.6.2-11.el7_4.x86_64.rpm samba-dc-4.6.2-11.el7_4.x86_64.rpm samba-dc-libs-4.6.2-11.el7_4.x86_64.rpm samba-debuginfo-4.6.2-11.el7_4.i686.rpm samba-debuginfo-4.6.2-11.el7_4.x86_64.rpm samba-devel-4.6.2-11.el7_4.i686.rpm samba-devel-4.6.2-11.el7_4.x86_64.rpm samba-test-4.6.2-11.el7_4.x86_64.rpm samba-test-libs-4.6.2-11.el7_4.i686.rpm samba-test-libs-4.6.2-11.el7_4.x86_64.rpm samba-vfs-glusterfs-4.6.2-11.el7_4.x86_64.rpm samba-winbind-krb5-locator-4.6.2-11.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-12150 https://access.redhat.com/security/cve/CVE-2017-12151 https://access.redhat.com/security/cve/CVE-2017-12163 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZw8fMXlSAg2UNWIIRAqRoAKDA9DmWagsIDoB2ZhiJ7o4yh2JFIwCfcHYg hmloGjE88MrEKs1k+wSSsuw= =E2bn - -----END PGP SIGNATURE----- - --- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: samba4 security update Advisory ID: RHSA-2017:2791-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2791 Issue date: 2017-09-21 CVE Names: CVE-2017-12150 CVE-2017-12163 ===================================================================== 1. Summary: An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es): * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163) Red Hat would like to thank the Samba project for reporting CVE-2017-12150 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the smb service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1488400 - CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should 1491206 - CVE-2017-12163 Samba: Server memory information leak over SMB1 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: samba4-4.2.10-11.el6_9.src.rpm i386: samba4-4.2.10-11.el6_9.i686.rpm samba4-client-4.2.10-11.el6_9.i686.rpm samba4-common-4.2.10-11.el6_9.i686.rpm samba4-dc-4.2.10-11.el6_9.i686.rpm samba4-dc-libs-4.2.10-11.el6_9.i686.rpm samba4-debuginfo-4.2.10-11.el6_9.i686.rpm samba4-devel-4.2.10-11.el6_9.i686.rpm samba4-libs-4.2.10-11.el6_9.i686.rpm samba4-pidl-4.2.10-11.el6_9.i686.rpm samba4-python-4.2.10-11.el6_9.i686.rpm samba4-test-4.2.10-11.el6_9.i686.rpm samba4-winbind-4.2.10-11.el6_9.i686.rpm samba4-winbind-clients-4.2.10-11.el6_9.i686.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.i686.rpm x86_64: samba4-4.2.10-11.el6_9.x86_64.rpm samba4-client-4.2.10-11.el6_9.x86_64.rpm samba4-common-4.2.10-11.el6_9.x86_64.rpm samba4-dc-4.2.10-11.el6_9.x86_64.rpm samba4-dc-libs-4.2.10-11.el6_9.x86_64.rpm samba4-debuginfo-4.2.10-11.el6_9.x86_64.rpm samba4-devel-4.2.10-11.el6_9.x86_64.rpm samba4-libs-4.2.10-11.el6_9.x86_64.rpm samba4-pidl-4.2.10-11.el6_9.x86_64.rpm samba4-python-4.2.10-11.el6_9.x86_64.rpm samba4-test-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-clients-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: samba4-4.2.10-11.el6_9.src.rpm x86_64: samba4-4.2.10-11.el6_9.x86_64.rpm samba4-client-4.2.10-11.el6_9.x86_64.rpm samba4-common-4.2.10-11.el6_9.x86_64.rpm samba4-dc-4.2.10-11.el6_9.x86_64.rpm samba4-dc-libs-4.2.10-11.el6_9.x86_64.rpm samba4-debuginfo-4.2.10-11.el6_9.x86_64.rpm samba4-devel-4.2.10-11.el6_9.x86_64.rpm samba4-libs-4.2.10-11.el6_9.x86_64.rpm samba4-pidl-4.2.10-11.el6_9.x86_64.rpm samba4-python-4.2.10-11.el6_9.x86_64.rpm samba4-test-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-clients-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: samba4-4.2.10-11.el6_9.src.rpm i386: samba4-4.2.10-11.el6_9.i686.rpm samba4-client-4.2.10-11.el6_9.i686.rpm samba4-common-4.2.10-11.el6_9.i686.rpm samba4-dc-4.2.10-11.el6_9.i686.rpm samba4-dc-libs-4.2.10-11.el6_9.i686.rpm samba4-debuginfo-4.2.10-11.el6_9.i686.rpm samba4-devel-4.2.10-11.el6_9.i686.rpm samba4-libs-4.2.10-11.el6_9.i686.rpm samba4-pidl-4.2.10-11.el6_9.i686.rpm samba4-python-4.2.10-11.el6_9.i686.rpm samba4-test-4.2.10-11.el6_9.i686.rpm samba4-winbind-4.2.10-11.el6_9.i686.rpm samba4-winbind-clients-4.2.10-11.el6_9.i686.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.i686.rpm ppc64: samba4-4.2.10-11.el6_9.ppc64.rpm samba4-client-4.2.10-11.el6_9.ppc64.rpm samba4-common-4.2.10-11.el6_9.ppc64.rpm samba4-dc-4.2.10-11.el6_9.ppc64.rpm samba4-dc-libs-4.2.10-11.el6_9.ppc64.rpm samba4-debuginfo-4.2.10-11.el6_9.ppc64.rpm samba4-devel-4.2.10-11.el6_9.ppc64.rpm samba4-libs-4.2.10-11.el6_9.ppc64.rpm samba4-pidl-4.2.10-11.el6_9.ppc64.rpm samba4-python-4.2.10-11.el6_9.ppc64.rpm samba4-test-4.2.10-11.el6_9.ppc64.rpm samba4-winbind-4.2.10-11.el6_9.ppc64.rpm samba4-winbind-clients-4.2.10-11.el6_9.ppc64.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.ppc64.rpm s390x: samba4-4.2.10-11.el6_9.s390x.rpm samba4-client-4.2.10-11.el6_9.s390x.rpm samba4-common-4.2.10-11.el6_9.s390x.rpm samba4-dc-4.2.10-11.el6_9.s390x.rpm samba4-dc-libs-4.2.10-11.el6_9.s390x.rpm samba4-debuginfo-4.2.10-11.el6_9.s390x.rpm samba4-devel-4.2.10-11.el6_9.s390x.rpm samba4-libs-4.2.10-11.el6_9.s390x.rpm samba4-pidl-4.2.10-11.el6_9.s390x.rpm samba4-python-4.2.10-11.el6_9.s390x.rpm samba4-test-4.2.10-11.el6_9.s390x.rpm samba4-winbind-4.2.10-11.el6_9.s390x.rpm samba4-winbind-clients-4.2.10-11.el6_9.s390x.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.s390x.rpm x86_64: samba4-4.2.10-11.el6_9.x86_64.rpm samba4-client-4.2.10-11.el6_9.x86_64.rpm samba4-common-4.2.10-11.el6_9.x86_64.rpm samba4-dc-4.2.10-11.el6_9.x86_64.rpm samba4-dc-libs-4.2.10-11.el6_9.x86_64.rpm samba4-debuginfo-4.2.10-11.el6_9.x86_64.rpm samba4-devel-4.2.10-11.el6_9.x86_64.rpm samba4-libs-4.2.10-11.el6_9.x86_64.rpm samba4-pidl-4.2.10-11.el6_9.x86_64.rpm samba4-python-4.2.10-11.el6_9.x86_64.rpm samba4-test-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-clients-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: samba4-4.2.10-11.el6_9.src.rpm i386: samba4-4.2.10-11.el6_9.i686.rpm samba4-client-4.2.10-11.el6_9.i686.rpm samba4-common-4.2.10-11.el6_9.i686.rpm samba4-dc-4.2.10-11.el6_9.i686.rpm samba4-dc-libs-4.2.10-11.el6_9.i686.rpm samba4-debuginfo-4.2.10-11.el6_9.i686.rpm samba4-devel-4.2.10-11.el6_9.i686.rpm samba4-libs-4.2.10-11.el6_9.i686.rpm samba4-pidl-4.2.10-11.el6_9.i686.rpm samba4-python-4.2.10-11.el6_9.i686.rpm samba4-test-4.2.10-11.el6_9.i686.rpm samba4-winbind-4.2.10-11.el6_9.i686.rpm samba4-winbind-clients-4.2.10-11.el6_9.i686.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.i686.rpm x86_64: samba4-4.2.10-11.el6_9.x86_64.rpm samba4-client-4.2.10-11.el6_9.x86_64.rpm samba4-common-4.2.10-11.el6_9.x86_64.rpm samba4-dc-4.2.10-11.el6_9.x86_64.rpm samba4-dc-libs-4.2.10-11.el6_9.x86_64.rpm samba4-debuginfo-4.2.10-11.el6_9.x86_64.rpm samba4-devel-4.2.10-11.el6_9.x86_64.rpm samba4-libs-4.2.10-11.el6_9.x86_64.rpm samba4-pidl-4.2.10-11.el6_9.x86_64.rpm samba4-python-4.2.10-11.el6_9.x86_64.rpm samba4-test-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-clients-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-12150 https://access.redhat.com/security/cve/CVE-2017-12163 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZw6fnXlSAg2UNWIIRAlfEAKCzzP0WDYxRAEdMzk5vTp3DVvBI8wCfeuHW cjaStBIrK59xwChGYmkjho8= =RzxC - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWcRUvIx+lLeg9Ub1AQhjzA//e84AZfX3YPk0GSrJKuv1zDzbCECk1+jh GvLBeoreSTaVj4tKhSuu+NN6GJvoE8z3KpST+swtMC1/1vjfi8lgb530qrxBnfIs 5QczYY7H4niQZeUjPLy2kc0SuZGUHzvNK8IInKO3dRxHYT0sxQoBnZNuPSHoOsdf eB8O4xvxIffEZhSKvuHMBUKu4/THd3D2zlpQxCos0UwjjFN75RBJF8IIYe+pHOJ5 wT4ghmlxXN6VRScm/uJjYAHAcqRitvKGHxW6cPOhftQ2XdFF+07OSYLbouk/kDxY IIjSAyZGGzHqtJneGEkzY8l5sVlAheV2DMbCu59lRNk6hkwpuv/UX2f7dRaRzh0u NUKkDnA6jzbjXdNXY3DARCqvCrkUUmSKPK21nicwYIPwTvlsn80/bjEuuPUe7/fP GdERjDIj27eTq0tRFTmLhPrjBeX3U8l3fz2bdLquz1RKqEkIpqEnt/aX0FMLPEaG bGJpjSMFLazQQvpnOlQczYtLo8sKGSR8z1IFX65WZ4LlSHbpsy2IbMhH5ZzTmYKO tONkfQjaQGcut3DUPkDx6SztmZeXVYDn/k09xMgmT+gFnGYiUEjcDUlt8jjO99/v PSr/Ur5IoRT3ywRO5XulVeXKNeu6ZAJficEKjaq9K3J4wzL7xUYKnbi8MMNVeKIP 5KpeZc9j4EA= =WN0U -----END PGP SIGNATURE-----