Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2017:0495 - Security Advisory
Issued:
2017-03-23
Updated:
2017-03-23

RHSA-2017:0495 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: Red Hat Gluster Storage 3.2.0 samba security, bug fixes and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for samba is now available for Red Hat Gluster Storage 3.2 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.4.6). (BZ#1382287)

Security Fix(es):

  • It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)
  • A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)

Enhancement(s):

  • gluster vfs plugin now supports more than one volfile servers. Samba tries to connect to the next server on the list if one of the gluster server is not reachable. (BZ#1330081)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

Affected Products

  • Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64

Fixes

  • BZ - 1290514 - (RHEL7) CTDB: SELinux: ctdb disablescript fails to execute because of SELinux avc's
  • BZ - 1379591 - [RHEL7] Bring content into empty distgit branch
  • BZ - 1382287 - [RHEL7] Rebase Samba to 4.4.6 for RHGS 3.2.0
  • BZ - 1386227 - [RHEL7] Back port changes in shadow copy module for VSS support from upstream
  • BZ - 1386230 - [RHEL7] [RFE] gluster vfs plugin should be able to make use of multiple volfile server feature of gfapi
  • BZ - 1400948 - [RHEL7] [SAMBA-CTDB]IP failover with ctdb leads to smbd crash
  • BZ - 1403114 - CVE-2016-2125 samba: Unconditional privilege delegation to Kerberos servers in trusted realms
  • BZ - 1403115 - CVE-2016-2126 samba: Flaws in Kerberos PAC validation can trigger privilege elevation

CVEs

  • CVE-2016-2125
  • CVE-2016-2126

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Gluster Storage Server for On-premise 3 for RHEL 7

SRPM
samba-4.4.6-4.el7rhgs.src.rpm SHA-256: 2c849c54b7c3233ba092b1282ba5f712bb9c1773821e31b52ec87d37037b8423
x86_64
ctdb-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 5388b635937174f841f5179f05334a286db8c0815007d4a3bc2e126738e4955a
ctdb-tests-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 176f033c45ae066785cb6b87ef602f571203bb7c563f7204b654bfec0a52d8e3
libsmbclient-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 394968e8af206a8e98f8f6455aacea0261a69d8dbf5705f593f3652bde06009a
libsmbclient-devel-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: a4544ea0cbf78e3128cc599c9e5c008fb1d23329aa211d89e5431a07213dfc1f
libwbclient-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 9a574f9258ca317b7b85d5c5b5ddf65339364b9933b5eb52a80d8b19f04635e6
libwbclient-devel-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 7a227c683fc16f12b88cda86983cd2fcce65e31f69553bbd952c51ad1117d35d
samba-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 7a5203a666c67484acf41c5db0b11f41af7a621360d0bc6b03710e249b72594c
samba-client-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: f2954e813a94e85c29a822dafd1a62aee50ff07d48a06a2246fac6cca513ae03
samba-client-libs-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: b48c305ad786dcae7dcc83b217cdfb3be0103bda41eda66b61cddfd35b743345
samba-common-4.4.6-4.el7rhgs.noarch.rpm SHA-256: 30dd4171ed8906357699f6cdd5494e191377720c3c48a8d663fb849daaad218a
samba-common-libs-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: bb7dab3e2a3dcd294bd3c7bfa40a4ec9086413eae466f86e52a183d4203d6ed9
samba-common-tools-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: cf2ae0ed34a93a52d3fb1b0f1eec03929d1109c0e185195a520dc39d66a58110
samba-dc-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: db2f6dfa5ec375032dec8e8525110fd46403bc48ffb68a629dbf320576a90091
samba-dc-libs-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 54a7c80dc56a56d6cde347b70d8b42ec47aab78ba9d44c7e842c92656da4cd81
samba-debuginfo-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: a395ca4aef23b73f1b55aa35ca9ba7968752b8b50b9159a6875f165080edc675
samba-devel-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 5d6166bd4e6f191c3fc31c57f7dd8d74e9c731a62b2689b86c9f231ccd4c08c7
samba-krb5-printing-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 87cf26f2dae6e7bf2a273e5700f87672fa186136a6f029f863141c29be4248c2
samba-libs-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 4e1e538decb4e5649380ce47dfd48bb655851b84670997e624e604f5f00486cf
samba-pidl-4.4.6-4.el7rhgs.noarch.rpm SHA-256: a6270143f05f481e85eaf43d52cb2dabc11bee4322b17f22ac405e149847031f
samba-python-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 24b1e693efd2a608ad698894b0bfe2bb7d8dc67e28143131786b797e29602917
samba-test-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: a0f3e05837d9fd3c3f62637d0c6e2e244e01c3d6559056a3957a48e852ddd757
samba-test-libs-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 6df753de9e38a80e04ba5e27ce9ac22ac50503bbcc04a128e6c0f6b3c4b04c62
samba-vfs-glusterfs-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 971ac69bbb48757259402af28e873cece4047c7c32ba914dff9663d811f42481
samba-winbind-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 7238957384e0294d0cdaface01529eb670e3ef0454368736b1f4f64dc19bc281
samba-winbind-clients-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 2b41cfa50ee87c4d107e9cd9ea218fb90b727b9fe2919866334dd73838ebca6c
samba-winbind-krb5-locator-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 760b79bd1476eed7cf8775b578f63503cd1cf161ce12a2798ce40df06ea09857
samba-winbind-modules-4.4.6-4.el7rhgs.x86_64.rpm SHA-256: 81a4a4861b058cb08ee6e0774e9947759deb30550f1ce3c324c3747b392508cb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter