samba4-4.2.10-15.0.1.AXS4

エラータID: AXSA:2021-1573:01

Release date: 
Thursday, March 11, 2021 - 06:00
Subject: 
samba4-4.2.10-15.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* samba: Netlogon elevation of privilege vulnerability (Zerologon)
(CVE-2020-1472)

* samba: Missing handle permissions check in SMB1/2/3 ChangeNotify
(CVE-2020-14318)

* samba: Unprivileged user can crash winbind (CVE-2020-14323)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es):

* The 'require_membership_of' documentation in pam_winbind manpage is
incorrect (BZ#1853272)

* Malfunctioning %U substitution in valid users option (BZ#1868917)

* Regression: smbd and nmbd are restarted when samba-winbind package is
upgraded (BZ#1878205)

* winbindd memory leak on wbinfo -u with security=ADS (BZ#1892313)

CVE-2020-14318
A flaw was found in the way samba handled file and directory permissions. An
authenticated user could use this flaw to gain access to certain file and
directory information which otherwise would be unavailable to the attacker.
CVE-2020-14323
A null pointer dereference flaw was found in samba's Winbind service in versions
before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this
flaw to crash the winbind service causing denial of service.
CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a
vulnerable Netlogon secure channel connection to a domain controller, using the
Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege
Vulnerability'.

Additional info:
https://access.redhat.com/errata/RHSA-2020:5439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472

Solution: 

Update packages.

CVEs: 
CVE-2020-14318
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
CVE-2020-14323
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
Additional Info: 

N/A

Download: 

SRPMS
  1. samba4-4.2.10-15.0.1.AXS4.src.rpm
    MD5: 23196f383ae6c55c6e030ff8d4595f8d
    SHA-256: 55c31342030e061f353e74f68dc8473fbf3f892e8369973cfd7115be653b8e56
    Size: 16.08 MB

Asianux Server 4 for x86
  1. samba4-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: ef655cd9f57d957ce842aa0d16e4ef5a
    SHA-256: 327c3d3811c555c59a1bc89e673746fa0ac7a0701f15b476ded93dc3faa473a0
    Size: 426.78 kB
  2. samba4-client-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: d2797b27b817937f908fb65528c58aa6
    SHA-256: 4220ec9cb37462cc1e1ba57f3a25b2fb1eac09ce044c8b7e2b3ad293a6c52fd4
    Size: 412.52 kB
  3. samba4-common-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 0551826edfb0c840cdef9a331079ac50
    SHA-256: 00a66664fc583a643fb32cfd9f4874aa512e66956e711ccf91bd4d114edd1a54
    Size: 654.03 kB
  4. samba4-dc-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: fa4e9df940afcbedb93a70139fb99d43
    SHA-256: 0a4292703b4ca522a3675bf1010755092dfb50799cda5ea88f75e1ef58a8ef8d
    Size: 15.30 kB
  5. samba4-dc-libs-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 6543a040684a11c4068dd265be47b302
    SHA-256: 60d9849965fdddf10bb773055aecaf98c5b0b5ab96f8e128ac94edda0614a4b1
    Size: 15.33 kB
  6. samba4-devel-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 52621c34108fe1f8bc5f677bb9e1148a
    SHA-256: 27cc3fb193d9f5752ca61c21995850c1f88849cc0d96f0c979d7fb72a4c66e74
    Size: 316.92 kB
  7. samba4-libs-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: cdfebcb5f4b6905ec4e3779f0184604a
    SHA-256: d8a0836229140f774dcba7606bb62fa83b38e8de65bf73798c1e127f91a8565a
    Size: 4.41 MB
  8. samba4-pidl-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 2773ac271a9e54ae1680374dd0920042
    SHA-256: 110a231bba5cd67bed4723fe1b0f199fcb475cd871427d9a2388182725634203
    Size: 111.41 kB
  9. samba4-python-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 3f92bc3b7ea790f7adf8af470f30319f
    SHA-256: 0688089629816dac4eb61cb22f4b8bf11665941000133d9b360fc7f76ee34922
    Size: 1.87 MB
  10. samba4-test-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 5d98f787e015785c72d1214516c98318
    SHA-256: 49dbd48b43cf87598e1dc5affcd69c9fb2c1d67df5eb148cf6b67e42da3c5f1c
    Size: 1.53 MB
  11. samba4-winbind-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 7636b0e3afab8c8b3360c33c5727ab62
    SHA-256: 51355e5d349de23663abfd891d6da18f907fbaae5b4670bb89648d02775e32b3
    Size: 406.69 kB
  12. samba4-winbind-clients-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 42357ef81d9829e338fd75554cfa95e3
    SHA-256: 98ac3824b50234cb929eaeb208d7bbcbd71b4ca2b62809abbf4fc2395da3d609
    Size: 92.04 kB
  13. samba4-winbind-krb5-locator-4.2.10-15.0.1.AXS4.i686.rpm
    MD5: 8e1361ae719eb48891d4130aebc445d6
    SHA-256: 58659fdfcf204b513bdc6586b1b67a0ca7479e67b09229667efb2fb1f32f238a
    Size: 19.79 kB

Asianux Server 4 for x86_64
  1. samba4-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 300088148aae1dbd8d58102a47533cb4
    SHA-256: 7ac9c7590b434148009ad65eddde1fed69b77631399e5c8639fe59bc22edeb33
    Size: 427.13 kB
  2. samba4-client-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: e4545a7fd79c3a51e1cd62a7757c4093
    SHA-256: f453b2517f051e2fa49db4fc7e3d977da46038a7c643276222d5924d329c17af
    Size: 405.72 kB
  3. samba4-common-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 0cc0799b27b08575173eebc0b0018e9e
    SHA-256: 7ca91ea278f2f842ff86e9825d873b35176408e38f220394562665872ad72aef
    Size: 645.86 kB
  4. samba4-dc-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: a95d39a05b6d43c6ec2a0c1be775b1ce
    SHA-256: a1143885c351d9dcf91ecf410ba2c8a14e34b1744fe36da3d01d4792a1c39616
    Size: 14.84 kB
  5. samba4-dc-libs-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: f9bdcb91cadb645a071d6bf9928d5dee
    SHA-256: efdaa975d5776f1d03c32a10c703d90bebfa57e5fefd6ba333c8a3d160250fd7
    Size: 14.88 kB
  6. samba4-devel-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 58055c2293ac139f43752487e1f8cd82
    SHA-256: f83d42c4381e01f91065ee5dfb2cb5bf54abad7f592c8e0880837186adec3203
    Size: 316.65 kB
  7. samba4-libs-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 704032e91232427d8180130e32d73517
    SHA-256: b1c1eadf33d33c96632c2ec8b4f7b7e132802e9179a76cab9740dd47eaccd15f
    Size: 4.36 MB
  8. samba4-pidl-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 381b96d458b7379ec3bf732bcc8e6725
    SHA-256: 09389f56d208e897386618de3dc6bfa4861942ce7f172eae574a2abd6cd993e0
    Size: 110.97 kB
  9. samba4-python-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 3a2d1dfa9062d67d2ff042784f15ceff
    SHA-256: 552496fa99c56f86e4d779a9a2b7d91d51e43bf11a2737c2e7c2c8e1de29b822
    Size: 1.92 MB
  10. samba4-test-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 867f90530dbfdf5f708906029fb0a7d5
    SHA-256: c0ad7bacded06f443013e02440dc513d6ef9fce274748383de6499e0c8f4db12
    Size: 1.45 MB
  11. samba4-winbind-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: b5d48f795ba79dda5dbfb715819d87d0
    SHA-256: 11d36a64ffe86a570e77dd80d742f549176f165a8b456e8a2aabe8c86eeca69e
    Size: 396.18 kB
  12. samba4-winbind-clients-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 819565244620f7ccc5f63b7166b78b6f
    SHA-256: 0177de54094d5c7e2bdcf0968fc7a2bcd7196ff2a851a8e93fc34a73f6b3c6d4
    Size: 92.81 kB
  13. samba4-winbind-krb5-locator-4.2.10-15.0.1.AXS4.x86_64.rpm
    MD5: 47779063322e0a2eb25af00124705f7c
    SHA-256: 7a7cf3b8b4192fd318e1783faaefb2e5e9e800bb12545c10a91f5b318b5edab1
    Size: 19.44 kB