RedHat: RHSA-2020-3118:01 Moderate: samba security update

    Date 22 Jul 2020
    Posted By LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: samba security update
    Advisory ID:       RHSA-2020:3118-01
    Product:           Red Hat Gluster Storage
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3118
    Issue date:        2020-07-23
    CVE Names:         CVE-2020-10730 
    =====================================================================
    
    1. Summary:
    
    An update for samba is now available for Red Hat Gluster Storage 3.5 on Red
    Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Gluster 3.5 Samba on RHEL-7 - noarch, x86_64
    
    3. Description:
    
    Samba is an open-source implementation of the Server Message Block (SMB)
    protocol and the related Common Internet File System (CIFS) protocol, which
    allows PC-compatible machines to share files, printers, and various
    information.
    
    Security Fix(es):
    
    * samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP
    Server with ASQ, VLV and paged_results (CVE-2020-10730)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    All users of Samba with Red Hat Gluster Storage are advised to upgrade to
    these updated packages.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    After installing this update, the smb service will be restarted
    automatically.
    
    For details on migrating Samba/CTDB configuration files, refer to: 
    
    https://access.redhat.com/solutions/4311261
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1849489 - CVE-2020-10730 samba:  NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results
    
    6. Package List:
    
    Red Hat Gluster 3.5 Samba on RHEL-7:
    
    Source:
    samba-4.11.6-107.el7rhgs.src.rpm
    
    noarch:
    samba-common-4.11.6-107.el7rhgs.noarch.rpm
    samba-pidl-4.11.6-107.el7rhgs.noarch.rpm
    
    x86_64:
    ctdb-4.11.6-107.el7rhgs.x86_64.rpm
    libsmbclient-4.11.6-107.el7rhgs.x86_64.rpm
    libsmbclient-devel-4.11.6-107.el7rhgs.x86_64.rpm
    libwbclient-4.11.6-107.el7rhgs.x86_64.rpm
    libwbclient-devel-4.11.6-107.el7rhgs.x86_64.rpm
    python3-samba-4.11.6-107.el7rhgs.x86_64.rpm
    samba-4.11.6-107.el7rhgs.x86_64.rpm
    samba-client-4.11.6-107.el7rhgs.x86_64.rpm
    samba-client-libs-4.11.6-107.el7rhgs.x86_64.rpm
    samba-common-libs-4.11.6-107.el7rhgs.x86_64.rpm
    samba-common-tools-4.11.6-107.el7rhgs.x86_64.rpm
    samba-debuginfo-4.11.6-107.el7rhgs.x86_64.rpm
    samba-devel-4.11.6-107.el7rhgs.x86_64.rpm
    samba-krb5-printing-4.11.6-107.el7rhgs.x86_64.rpm
    samba-libs-4.11.6-107.el7rhgs.x86_64.rpm
    samba-vfs-glusterfs-4.11.6-107.el7rhgs.x86_64.rpm
    samba-winbind-4.11.6-107.el7rhgs.x86_64.rpm
    samba-winbind-clients-4.11.6-107.el7rhgs.x86_64.rpm
    samba-winbind-krb5-locator-4.11.6-107.el7rhgs.x86_64.rpm
    samba-winbind-modules-4.11.6-107.el7rhgs.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2020-10730
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
