samba-4.6.2-11.el7

エラータID: AXSA:2017-2305:06

Release date: 
Monday, October 9, 2017 - 21:23
Subject: 
samba-4.6.2-11.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150)

* A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. (CVE-2017-12151)

* An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)

Asianux would like to thank the Samba project for reporting CVE-2017-12150 and
CVE-2017-12151 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan
Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163.
Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of
CVE-2017-12150 and CVE-2017-12151.

CVE-2017-12150
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-12151
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-12163
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2017-12150
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
CVE-2017-12151
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
CVE-2017-12163
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
Additional Info: 

N/A

Download: 

SRPMS
  1. samba-4.6.2-11.el7.src.rpm
    MD5: c7498cdb95582017ca5eecb3833be632
    SHA-256: 1dfbc8c8ebf447abd44abbb241c157a738d89c161d9605224394c5e9c0d0ffca
    Size: 14.25 MB

Asianux Server 7 for x86_64
  1. ctdb-4.6.2-11.el7.x86_64.rpm
    MD5: 0eb8b9b60333f193bc1d562a20ee10cd
    SHA-256: b04fbe77b22ebfabf3d2031e99e4f5475cc90a326c51e9b4939779f762d2ce69
    Size: 691.81 kB
  2. ctdb-tests-4.6.2-11.el7.x86_64.rpm
    MD5: 998fca5d22e0846ebeac0e8c21a40b3b
    SHA-256: c56d515fe2a047684a3de5aca12b8e363e6bf15265b42dcd01ef29b91984d726
    Size: 827.73 kB
  3. libsmbclient-4.6.2-11.el7.x86_64.rpm
    MD5: d9cef4e85171d5328b33acc6ff0290aa
    SHA-256: c57e2d62851398f9ec09bc002fcb9a0faa1a9cfecef3d5de676e62136b86bc39
    Size: 128.57 kB
  4. libwbclient-4.6.2-11.el7.x86_64.rpm
    MD5: e741855de5fa85c8854b070d9a2998b3
    SHA-256: f49161e2b5009854c95580a31c163552942a23cb4f2fd1c39d7574ed9d15c2d2
    Size: 103.45 kB
  5. samba-4.6.2-11.el7.x86_64.rpm
    MD5: a260b5514accec52218c84868ed46f71
    SHA-256: d272e0112046319f904a9e6159d07fca4724f4b01d6f21936efa59928b2cc6ec
    Size: 632.38 kB
  6. samba-client-4.6.2-11.el7.x86_64.rpm
    MD5: e96c006fa15ac03845008336f7c35514
    SHA-256: ece44c08a39010eaffc8e0511c6ee1005a5803cf8c24b5eee2158d5fc40e9e47
    Size: 596.78 kB
  7. samba-client-libs-4.6.2-11.el7.x86_64.rpm
    MD5: 504d632552374cc56c12f04bdd603176
    SHA-256: 0ca86ae55d197a808916ba87142ca7f97f815ab375ca552bdc9187ac87374496
    Size: 4.72 MB
  8. samba-common-4.6.2-11.el7.noarch.rpm
    MD5: 6ec78ad6ab1ff825ac3404577c5c3102
    SHA-256: 0c8484b68236b7b38bc33924465afad7faf96d657e64ee9d3404e5b95319e923
    Size: 196.46 kB
  9. samba-common-libs-4.6.2-11.el7.x86_64.rpm
    MD5: 84e7fa3a7e1b02b454684bf24b50fd38
    SHA-256: c401c476fd8bf80503691f46944e87eadf032f174a46c9e8a496aa6d07972e62
    Size: 163.20 kB
  10. samba-common-tools-4.6.2-11.el7.x86_64.rpm
    MD5: 2e91aa250346207927653e106b325e17
    SHA-256: 58fd8d81e6da19655b13a31a3c1a86250b3245213bc232dbd8bb6d30041f4b8f
    Size: 455.40 kB
  11. samba-krb5-printing-4.6.2-11.el7.x86_64.rpm
    MD5: b7793c1580ef79ae0543e4c82571d8d0
    SHA-256: d98b1d61c10d44be549604c0e76d229fea8e43aea04655a7747052bc7aff1976
    Size: 86.00 kB
  12. samba-libs-4.6.2-11.el7.x86_64.rpm
    MD5: 41bc8fba59375b4bd7577c156d3ebfb6
    SHA-256: 6198b339ec121513e68801892159f9ff60cf17c37c5a3adb7665a93435b953fb
    Size: 263.60 kB
  13. samba-python-4.6.2-11.el7.x86_64.rpm
    MD5: 7e9a9594768eb96b99ebd2f1a1331960
    SHA-256: cd7cc6799a733be004fa0ebbbecc56dd3a6e2dcff15b2df3a6a23fdbedbf411a
    Size: 2.84 MB
  14. samba-winbind-4.6.2-11.el7.x86_64.rpm
    MD5: 53807029745fc2defff4326e57326a2b
    SHA-256: 89d2ac5f4bf397474ad1913aabe21dc19cef6a0a41976614c6c3f8e90fccaf54
    Size: 515.23 kB
  15. samba-winbind-clients-4.6.2-11.el7.x86_64.rpm
    MD5: d5d59194b0f48001e92a2cb871ac7b8f
    SHA-256: 81b53010959a148e73610b3df2644e5b5240f6824efe0f9c5a1139cda65fddb8
    Size: 127.76 kB
  16. samba-winbind-modules-4.6.2-11.el7.x86_64.rpm
    MD5: 73d228a4de4b945d945b931811a147ae
    SHA-256: 8baa09322820b9cfdbd98a765987ebdb5aae2ff82c7e9f81f153bc715cf4a0dd
    Size: 110.38 kB
  17. libsmbclient-4.6.2-11.el7.i686.rpm
    MD5: fdaac4f1bd8c19a654a3d62cf7e4ce5f
    SHA-256: 78934720e29f64bb8731a8c2fc4aaa496f3a983049cd767a3acd453f076cd6b1
    Size: 128.81 kB
  18. libwbclient-4.6.2-11.el7.i686.rpm
    MD5: 94abd35e803d507e0e0b91ba977b2628
    SHA-256: 11ff69cff4be52964a832f02c23a725ffdca70220a7e2ea236c8c501b2d0b886
    Size: 104.17 kB
  19. samba-client-libs-4.6.2-11.el7.i686.rpm
    MD5: c9631f813844cf61c6d6f76b92eff2d5
    SHA-256: 8de559e066609c842a4d3a97b228d915a512b319bac88282e96c0832d7709069
    Size: 4.72 MB
  20. samba-libs-4.6.2-11.el7.i686.rpm
    MD5: 576e0e34c10cb0b47881ec7445d14e8e
    SHA-256: d2ec9db7c55327994bf6f36d17e4dc9f760fe8f5346c20ff9ea66ca70c58ead8
    Size: 266.48 kB
  21. samba-winbind-modules-4.6.2-11.el7.i686.rpm
    MD5: ee9df3de4c536aee2ace2f1c95bdb837
    SHA-256: c5a13852f7a5a0ab212ad910273379b20d06ad21379ae0d098ee163765661133
    Size: 110.40 kB