Synopsis

Important: samba3x security update

Type/Severity

Security Advisory: Important

Topic

An update for samba3x is now available for Red Hat Enterprise Linux 5 Extended
Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible machines
to share files, printers, and other information.

Security Fix(es):

• A remote code execution flaw was found in Samba. A malicious authenticated
  samba client, having write access to the samba share, could use this flaw to
  execute arbitrary code as root. (CVE-2017-7494)
  

Red Hat would like to thank the Samba project for reporting this issue. Upstream
acknowledges steelo as the original reporter.

Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

Affected Products

• Red Hat Enterprise Linux Server - Extended Life Cycle Support 5 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 5 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 5 s390x

Fixes

• BZ - 1450347 - CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE

CVEs

• CVE-2017-7494

References

• https://access.redhat.com/security/updates/classification/#important
• https://www.samba.org/samba/security/CVE-2017-7494.html
• https://access.redhat.com/security/vulnerabilities/3034621

Red Hat Enterprise Linux Server - Extended Life Cycle Support 5

SRPM
samba3x-3.6.23-14.el5_11.src.rpm	SHA-256: eca03b25e0a47040970769974eb30b8247bad660d4072aa0aaa339f49387b360
x86_64
samba3x-3.6.23-14.el5_11.x86_64.rpm	SHA-256: 508fbdffb874715e6f36bff097943a7acc2a6d0f2c447382bae9b785c958ba63
samba3x-client-3.6.23-14.el5_11.x86_64.rpm	SHA-256: e6479b4eca3f90a7b3b5af9951bed2b638e16c21520bfe57bcf75aa0f1fc967d
samba3x-common-3.6.23-14.el5_11.x86_64.rpm	SHA-256: 363bcddf5af6f1bc9f141f19fe72f9547aa8d00630550c5e62f138b43d677ac6
samba3x-debuginfo-3.6.23-14.el5_11.i386.rpm	SHA-256: 18a007dc43c6dd5ec2573b23062655553b7d906d8b280ea4f20fb3c429ee54b4
samba3x-debuginfo-3.6.23-14.el5_11.x86_64.rpm	SHA-256: 7441543cd5cec87f0eaee13d562da9ac31e5ec5dd387db333c6bbbffe168b0c6
samba3x-doc-3.6.23-14.el5_11.x86_64.rpm	SHA-256: 0bb56d79dde7ba5ae77f693968cabe5d9054b147ee06bd9307dc6ca75387404d
samba3x-domainjoin-gui-3.6.23-14.el5_11.x86_64.rpm	SHA-256: 48073d425a974d24fa120d93119d2f3cca474e8936e477f37f0d96efef0c594e
samba3x-swat-3.6.23-14.el5_11.x86_64.rpm	SHA-256: 5eecdca1ad091f98ae90019899967a741348e77a04012752d9f363a4bc03e68a
samba3x-winbind-3.6.23-14.el5_11.i386.rpm	SHA-256: a7382f4b04f8cc6b7f7bf14919b825023a2a94dbae515b66f271d2842d540049
samba3x-winbind-3.6.23-14.el5_11.x86_64.rpm	SHA-256: 6eaafbf85bf76d394fa8413fb29496140eaeb9f9319b9f8d72b10efadf4c0e2b
samba3x-winbind-devel-3.6.23-14.el5_11.i386.rpm	SHA-256: b3c75ee9e65b63cc9b7170d8830b66fce41bb29f36e2ca2bb0c77d7d7c788fed
samba3x-winbind-devel-3.6.23-14.el5_11.x86_64.rpm	SHA-256: d1ab9636dd15dc5d20a0945f2540b56d99ca6c3b28040c21b1f12239a1c19088
i386
samba3x-3.6.23-14.el5_11.i386.rpm	SHA-256: c94b7b0273135063d1439d97a04c9bdf4c9f859c5ae93d622b815446f9fb1c83
samba3x-client-3.6.23-14.el5_11.i386.rpm	SHA-256: 486ab23598e409e61dd7cdb359f7f3d125914d1e1084a9e658743eddc62d4d86
samba3x-common-3.6.23-14.el5_11.i386.rpm	SHA-256: 2b82bc896e94a0f1f71e20be2d1f0aaf8fc9df8926bf24ded207750fe49abf63
samba3x-debuginfo-3.6.23-14.el5_11.i386.rpm	SHA-256: 18a007dc43c6dd5ec2573b23062655553b7d906d8b280ea4f20fb3c429ee54b4
samba3x-doc-3.6.23-14.el5_11.i386.rpm	SHA-256: 2ab939a87b0cf6ab7381b76c9627ddc3c325656354add4e0344aaca01dc50619
samba3x-domainjoin-gui-3.6.23-14.el5_11.i386.rpm	SHA-256: 524142223012042a88c9d49972ae87cb2808277af3d70e6c220fd913b27be7b5
samba3x-swat-3.6.23-14.el5_11.i386.rpm	SHA-256: 60e0fb8883c69507107ae4af1a6f0391079da993d9020aac75eea0717eab9476
samba3x-winbind-3.6.23-14.el5_11.i386.rpm	SHA-256: a7382f4b04f8cc6b7f7bf14919b825023a2a94dbae515b66f271d2842d540049
samba3x-winbind-devel-3.6.23-14.el5_11.i386.rpm	SHA-256: b3c75ee9e65b63cc9b7170d8830b66fce41bb29f36e2ca2bb0c77d7d7c788fed

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 5

SRPM
samba3x-3.6.23-14.el5_11.src.rpm	SHA-256: eca03b25e0a47040970769974eb30b8247bad660d4072aa0aaa339f49387b360
s390x
samba3x-3.6.23-14.el5_11.s390x.rpm	SHA-256: e80d60665725e978e46d103f14fd97daf5706475b24661bcebac60fb72902c02
samba3x-client-3.6.23-14.el5_11.s390x.rpm	SHA-256: e36c02d3c2a6413965a88d008a58336461075712df245835b116e4700dd53954
samba3x-common-3.6.23-14.el5_11.s390x.rpm	SHA-256: 332d69b5d62579b28ee35547e741c9ace8262d882a86d572936fe93cc56db259
samba3x-debuginfo-3.6.23-14.el5_11.s390.rpm	SHA-256: fe410de457caaff26329dbcb854275a52ce237d7c9241b6ba6a135b14f7ba4f1
samba3x-debuginfo-3.6.23-14.el5_11.s390x.rpm	SHA-256: c26f817663d42bab6c0ac697badff8c1cda9e710afa91057c9636526ab0971a2
samba3x-doc-3.6.23-14.el5_11.s390x.rpm	SHA-256: 304984f4bd9b295c41309d3ce7c1e86f7b9832bc1903fab81440efb50da85fdb
samba3x-domainjoin-gui-3.6.23-14.el5_11.s390x.rpm	SHA-256: 7e4d688d0e8bcb6f6bc4cae8f6237443a1ce171d5df6db5bc8f7c61202a0dfab
samba3x-swat-3.6.23-14.el5_11.s390x.rpm	SHA-256: b1482de0c181512f7b6d7f16dc1e250fc0dcfe619ae8fa412cbef7162e096284
samba3x-winbind-3.6.23-14.el5_11.s390.rpm	SHA-256: c3b1a49c1046bb5b4953c7c6b1ca225b051758cac0b00094b31fd04bb5030701
samba3x-winbind-3.6.23-14.el5_11.s390x.rpm	SHA-256: 4fa938c5794ed841f76df0ee205d0ba871eac6a38cabb7595f7239da38d4f938
samba3x-winbind-devel-3.6.23-14.el5_11.s390.rpm	SHA-256: 1c5ab898dc92fdfa8850b74be3d37a22320b63fa3391e647a1940d71c4542f73
samba3x-winbind-devel-3.6.23-14.el5_11.s390x.rpm	SHA-256: 90d9b6145059b8002a6029ef2953eeb77b0ead49232b9cf964d52c0cc12f5d83