ELSA-2022-0328

Опубликовано: 01 фев. 2022

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2022-0328: samba security and bug fix update (CRITICAL)

[4.10.16-18]

resolves: #2034800 - Fix usermap script regression caused by CVE-2020-25717
resolves: #2036595 - Fix MIT realm regression caused by CVE-2020-25717
resolves: #2046148 - Fix CVE-2021-44142

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

ctdb

4.10.16-18.el7_9

ctdb-tests

4.10.16-18.el7_9

libsmbclient

4.10.16-18.el7_9

libsmbclient-devel

4.10.16-18.el7_9

libwbclient

4.10.16-18.el7_9

libwbclient-devel

4.10.16-18.el7_9

samba

4.10.16-18.el7_9

samba-client

4.10.16-18.el7_9

samba-client-libs

4.10.16-18.el7_9

samba-common

4.10.16-18.el7_9

samba-common-libs

4.10.16-18.el7_9

samba-common-tools

4.10.16-18.el7_9

samba-dc

4.10.16-18.el7_9

samba-dc-libs

4.10.16-18.el7_9

samba-devel

4.10.16-18.el7_9

samba-krb5-printing

4.10.16-18.el7_9

samba-libs

4.10.16-18.el7_9

samba-pidl

4.10.16-18.el7_9

samba-python

4.10.16-18.el7_9

samba-python-test

4.10.16-18.el7_9

samba-test

4.10.16-18.el7_9

samba-test-libs

4.10.16-18.el7_9

samba-winbind

4.10.16-18.el7_9

samba-winbind-clients

4.10.16-18.el7_9

samba-winbind-krb5-locator

4.10.16-18.el7_9

samba-winbind-modules

4.10.16-18.el7_9

Oracle Linux x86_64

ctdb

4.10.16-18.el7_9

ctdb-tests

4.10.16-18.el7_9

libsmbclient

4.10.16-18.el7_9

libsmbclient-devel

4.10.16-18.el7_9

libwbclient

4.10.16-18.el7_9

libwbclient-devel

4.10.16-18.el7_9

samba

4.10.16-18.el7_9

samba-client

4.10.16-18.el7_9

samba-client-libs

4.10.16-18.el7_9

samba-common

4.10.16-18.el7_9

samba-common-libs

4.10.16-18.el7_9

samba-common-tools

4.10.16-18.el7_9

samba-dc

4.10.16-18.el7_9

samba-dc-libs

4.10.16-18.el7_9

samba-devel

4.10.16-18.el7_9

samba-krb5-printing

4.10.16-18.el7_9

samba-libs

4.10.16-18.el7_9

samba-pidl

4.10.16-18.el7_9

samba-python

4.10.16-18.el7_9

samba-python-test

4.10.16-18.el7_9

samba-test

4.10.16-18.el7_9

samba-test-libs

4.10.16-18.el7_9

samba-vfs-glusterfs

4.10.16-18.el7_9

samba-winbind

4.10.16-18.el7_9

samba-winbind-clients

4.10.16-18.el7_9

samba-winbind-krb5-locator

4.10.16-18.el7_9

samba-winbind-modules

4.10.16-18.el7_9

Связанные CVE

CVE-2021-44142

Ссылки на источники

Связанные уязвимости

CVE-2021-44142

CVSS3: 8.8

ubuntu

больше 3 лет назад

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.