samba-4.11.2-13.el8

Errata ID: AXSA:2020-904:04

Release date: 
Friday, November 13, 2020 - 06:47
Subject: 
samba-4.11.2-13.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba
(4.11.2).

Security Fix(es):

* samba: Combination of parameters and permissions can allow user to escape
from the share path definition (CVE-2019-10197)

* samba: smb client vulnerable to filenames containing path separators
(CVE-2019-10218)

* samba: Crash after failed character conversion at log level 3 or above
(CVE-2019-14907)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2019-10197
A flaw was found in Samba versions 4.9.x up to 4.9.13, 4.10.x up to 4.10.8,
and 4.11.x up to 4.11.0rc3, when certain parameters were set in the Samba
configuration file. An unauthenticated attacker could use this flaw to escape
the shared directory and access the contents of directories outside the share.

CVE-2019-10218
A flaw was found in the Samba client, in all Samba versions before 4.11.2,
4.10.10 and 4.9.15, where a malicious server can supply a pathname containing
separators to the client. This could allow the client to access files and
folders outside of the SMB network pathnames. An attacker could use this
vulnerability to create files outside of the current working directory using
the privileges of the client user.

CVE-2019-14907
All Samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before
4.11.5 have an issue where, if "log level = 3" (or above) is set, the string
obtained from the client after a failed character conversion is printed. Such
strings can be provided during the NTLMSSP authentication exchange. In the
Samba AD DC in particular, this may cause a long-lived process (such as the RPC
server) to terminate. (In the file server case, the most likely target, smbd,
operates as process-per-client and so a crash there is harmless.)

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. samba-4.11.2-13.el8.src.rpm
    MD5: 3b88f2e53f334da2ccb83ccfb82d370b
    SHA-256: 18248aeb68a764c239d853face72f3de128e381ee48b5f6c6e438f0203a347bf
    Size: 11.85 MB

Asianux Server 8 for x86_64
  1. ctdb-4.11.2-13.el8.x86_64.rpm
    MD5: db620a505e432017858aa3a79edf5c7a
    SHA-256: 853a38cf895b199990b73cd5ed96775c95abba993f6a3611a222810f54d2bc8e
    Size: 755.90 kB
  2. ctdb-tests-4.11.2-13.el8.x86_64.rpm
    MD5: b22e4b182fba6a9fd597c3bbc5e8c966
    SHA-256: f398d472db87259a3302df0040ea9ee7d586bc487efcec1b3b4d47390feb738e
    Size: 1.30 MB
  3. libsmbclient-4.11.2-13.el8.x86_64.rpm
    MD5: 0c2758944bca372cdc7f09adacf36f20
    SHA-256: 26790dc4ba6ba453dabfb1d6b408b88712b031ccda7f4171cb31fc584f310fdf
    Size: 144.57 kB
  4. libwbclient-4.11.2-13.el8.x86_64.rpm
    MD5: 7898a63e6a4d4ab1107bfda90ed165f6
    SHA-256: 499c2f133e51b99ac8116279670a2c64c2293d5054378ce778e3d27a0e8b577b
    Size: 115.81 kB
  5. python3-samba-4.11.2-13.el8.x86_64.rpm
    MD5: b340d01d5e84b40c4bc7a0194bfcfc8c
    SHA-256: 78beb22f63b2753fbb1e5704f097a2b697f695234b995e907ce26b1287757b9c
    Size: 3.07 MB
  6. python3-samba-test-4.11.2-13.el8.x86_64.rpm
    MD5: a79f41df4620f4a50110e1b41b19743c
    SHA-256: 061be8606eba6acea607d08cdc0202ef1f1b97c9ccd43ffa465f9a3db0ecabbb
    Size: 641.84 kB
  7. samba-4.11.2-13.el8.x86_64.rpm
    MD5: 5afad17dbae8aeeb4d8597a1396501fa
    SHA-256: 86a755564016cf0b4f2cbc69510a5a562547d812ac61dbfab12f08a5525325b3
    Size: 765.32 kB
  8. samba-client-4.11.2-13.el8.x86_64.rpm
    MD5: 828bfb6119f19f5e7c331dfa6aaa9c37
    SHA-256: ce0f6361f1d6382d6dacf1d881b042f692ca23f245901cd93384b43f2783aede
    Size: 657.26 kB
  9. samba-client-libs-4.11.2-13.el8.x86_64.rpm
    MD5: 3e34304d65bc20d73e9d198c351186d7
    SHA-256: 17ec084579264002d8c6520b37af3dfa0e91bf3cfa8ba8bf46cfc8fd803042e0
    Size: 5.10 MB
  10. samba-common-4.11.2-13.el8.noarch.rpm
    MD5: c17b60084fcf2651286d9193c0d94fab
    SHA-256: 7e57841eb28cd96e5c96f88d2e4dfeccbc348fd6440d2d7a1103974ba6d16ec4
    Size: 211.39 kB
  11. samba-common-libs-4.11.2-13.el8.x86_64.rpm
    MD5: 33680694d591b07b38e1da7e355dcc5e
    SHA-256: e8f62835814a7b5dc0920357c2a4d77a94b24b599cf521c4362769f08c49e4ac
    Size: 172.35 kB
  12. samba-common-tools-4.11.2-13.el8.x86_64.rpm
    MD5: c06b65559b9a8668492610beaeedb7c0
    SHA-256: ab6034ffd6cd26d64c95023791626bef64e0ce6ef0faac584cedb45beb955ffe
    Size: 470.96 kB
  13. samba-krb5-printing-4.11.2-13.el8.x86_64.rpm
    MD5: c955f1fc96b79b10090c9be0975f9e26
    SHA-256: f3250aed21dd4db806544205936c0b7290f3cd1be6bc75a53f0b29ecf35216da
    Size: 93.57 kB
  14. samba-libs-4.11.2-13.el8.x86_64.rpm
    MD5: 53ac9b971b0f55fcb2c4fdcfbae014b0
    SHA-256: 84f45f267f0009dbc93621ae581832fbbc3f92fe9365cbd30f5b5214fea288b5
    Size: 168.80 kB
  15. samba-pidl-4.11.2-13.el8.noarch.rpm
    MD5: 3fce94ee88e2ba07e672fd6319a63478
    SHA-256: 9dff38e090de1d333e6a7251e7a71480be88ae99dff92b9248e1d524dfdcda6b
    Size: 185.26 kB
  16. samba-test-4.11.2-13.el8.x86_64.rpm
    MD5: afae507533ff3cf9f9dd786033bbcb28
    SHA-256: 2a8a1deb937e6cf3c9edcb3b2ef027b66c66b29c041b93019a1fd610faa23ba5
    Size: 1.97 MB
  17. samba-test-libs-4.11.2-13.el8.x86_64.rpm
    MD5: eb101136358a9fd51b692fde1c447c48
    SHA-256: 848d088dc3f5a86a9bb96d6b9c4a26681aca5aaf1932f811eaf315c8880638a7
    Size: 114.25 kB
  18. samba-winbind-4.11.2-13.el8.x86_64.rpm
    MD5: 6beb8503b9be1cb5a19fae6af9a4d2b5
    SHA-256: 028a6bcd75922d26b773467b592c3ca5b2b3c6bbd577a8c385eb80bdd79b98e8
    Size: 573.51 kB
  19. samba-winbind-clients-4.11.2-13.el8.x86_64.rpm
    MD5: 4d8a646aeb180b78b7f4d65889d30418
    SHA-256: 412a1484c305a641193007e39dead7f694e522970e5c8bfe8dd76aec31ef67fe
    Size: 148.33 kB
  20. samba-winbind-krb5-locator-4.11.2-13.el8.x86_64.rpm
    MD5: ad95b8a497e96a0881f20cb46019f785
    SHA-256: 3500dceb3bab59844c180fc7ef29c54358bcb589e710514a2b3f9539e8b6df9c
    Size: 92.95 kB
  21. samba-winbind-modules-4.11.2-13.el8.x86_64.rpm
    MD5: 098f2bb1b8fffaee7a95a6d312bfbe2d
    SHA-256: f90a93b8b981d6b943efc4672bfb20a0a162d61c32d8f4eb15dd38c13d1608e7
    Size: 121.21 kB
  22. libsmbclient-4.11.2-13.el8.i686.rpm
    MD5: 1939d3eea8dd4220be345578a020f75a
    SHA-256: c2123462d76814d0af8f2b9d8e5ec7466b143fa7bc36f0770ebdf6ea76c5a7cd
    Size: 148.91 kB
  23. libwbclient-4.11.2-13.el8.i686.rpm
    MD5: e3664d57a9a1630454747593db6b1f8d
    SHA-256: 3491fa569642e7d7319a872b9ef6cfdf3ba62536f098f11c7a7334dc8defdbc5
    Size: 118.58 kB
  24. python3-samba-4.11.2-13.el8.i686.rpm
    MD5: f52a404bcff9869225d9e26f0f7f95e2
    SHA-256: c2201a0dec7b82bd2760a8ff715dbdbc0d03117bb63f67d51ba9e9dc8c0d57fa
    Size: 2.95 MB
  25. samba-client-libs-4.11.2-13.el8.i686.rpm
    MD5: 73a70d6357726577526414c6dfca9e52
    SHA-256: dad7b226025a6c8bb4dd1131e8fd831c2d65ba947361fc05419df69ef66eeb92
    Size: 5.51 MB
  26. samba-libs-4.11.2-13.el8.i686.rpm
    MD5: 28ae45aa9f134616a5bc308d84c82a2d
    SHA-256: 90665da3159ac32a2ab6a745edd3036f645f64b5231bc134963da28077625055
    Size: 173.97 kB
  27. samba-winbind-modules-4.11.2-13.el8.i686.rpm
    MD5: ad60463e5ca6806e6bad8fb54c72be23
    SHA-256: fad0ecb482443b1ec95006e509f363bafa8bc96cfb49c11f569417ebff92bb40
    Size: 122.59 kB