Red Hat Product Errata RHSA-2017:2858 - Security Advisory
Issued: 2017-10-04
Updated: 2017-10-04

Synopsis

Moderate: samba security update

Type/Severity

Security Advisory: Moderate

Topic

An update for samba is now available for Red Hat Gluster Storage 3.3 for RHEL 6 and Red Hat Gluster Storage 3.3 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

  • It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150)
  • A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. (CVE-2017-12151)
  • An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)

Red Hat would like to thank the Samba project for reporting CVE-2017-12150 and CVE-2017-12151 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150 and CVE-2017-12151.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.
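
One way to confirm that a host carries the fixed build, as an added example (not Red Hat's code): it compares an installed samba version-release string against the fixed builds 4.6.3-6.el7rhgs and 4.6.3-6.el6rhs from this advisory's package list, using a simplified RPM version comparison. The function names and the sample inputs are constructed for illustration.

```python
import re

# Fixed builds from this advisory's package list, keyed by dist tag.
FIXED = {"el7rhgs": "4.6.3-6.el7rhgs", "el6rhs": "4.6.3-6.el6rhs"}

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no '~' or '^' handling)."""
    # RPM compares runs of digits or letters; separators only delimit them.
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 6, unlike string order
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release

def evr_cmp(a, b):
    """Compare epoch first, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_patched(installed_evr):
    """True/False for a Gluster Storage samba build, None for other builds."""
    release = split_evr(installed_evr)[2]
    for tag, fixed in FIXED.items():
        if release.endswith(tag):
            return evr_cmp(installed_evr, fixed) >= 0
    return None

if __name__ == "__main__":
    # Constructed sample values, in the form printed by
    # rpm -q --qf '%{VERSION}-%{RELEASE}\n' samba
    for evr in ("4.6.3-6.el7rhgs", "4.6.3-5.el7rhgs", "4.6.3-10.el6rhs", "4.6.3-6.el7"):
        print(evr, is_patched(evr))
```

A `None` result means the build does not carry a Gluster Storage dist tag, so this advisory's fixed versions do not apply to it.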

Affected Products

  • Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
  • Red Hat Gluster Storage Server for On-premise 3 for RHEL 6 x86_64

Fixes

  • BZ - 1488197 - CVE-2017-12151 samba: SMB2 connections don't keep encryption across DFS redirects
  • BZ - 1488400 - CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should
  • BZ - 1491206 - CVE-2017-12163 Samba: Server memory information leak over SMB1

CVEs

  • CVE-2017-12150
  • CVE-2017-12151
  • CVE-2017-12163

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Gluster Storage Server for On-premise 3 for RHEL 7

SRPM
samba-4.6.3-6.el7rhgs.src.rpm SHA-256: d71ad5cb57914bceb4b9a9edef0aea2d10c09f26568194c63d6a35254b4c98ff

Red Hat Gluster Storage Server for On-premise 3 for RHEL 6

SRPM
samba-4.6.3-6.el6rhs.src.rpm SHA-256: a4e5d113330d4bde3f4b72253296e987b0b99bb81e7143478eeb34aec86068b0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
