[ALSA-2021:1647] Moderate: samba security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2021-11-12
Description:
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.13.3). (BZ#1878109) Security Fix(es): * samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472) * samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318) * samba: Unprivileged user can crash winbind (CVE-2020-14323) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
i686 libwbclient-devel-4.13.3-3.el8.i686.rpm 2acd42b28a28ff2d11e61882f72bb6ed65e4137bc1a7ffcb743eb191f03a63ea
i686 openchange-2.3-27.el8.i686.rpm 39c093a41e06aab113134b03a72cfa76f4f2918e8b1cc4ffd1695d29af92feb7
i686 libsmbclient-devel-4.13.3-3.el8.i686.rpm 6af030548546455679c0c05729d7c34a6e289e216d9a7ffcec9261bc81d30635
i686 samba-devel-4.13.3-3.el8.i686.rpm 902fc13eb7cfde84c8a52a3e51d12bc52b5f0ee3009de62c5805af825289add6
x86_64 samba-devel-4.13.3-3.el8.x86_64.rpm 94a27eeeb5d19e6eeec9f66dc93cfab79edb6ab6cf5c114c4a395a45a14f4f87
x86_64 openchange-2.3-27.el8.x86_64.rpm b6f2bd1dfbecaf19de5f213d56a01d8126746a80bbe78030636c6353ec1877c4
x86_64 libwbclient-devel-4.13.3-3.el8.x86_64.rpm dc86605fefd8dcf4d1611db6406e3c0f42da54f29f860c75ebd4226394860503
x86_64 libsmbclient-devel-4.13.3-3.el8.x86_64.rpm e317684a3a0e2124f78b82e06b14ae6c0344410759357f0f59e6e595ea46a949
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.