ALAS2023-2023-416

Amazon Linux 2023 Security Advisory: ALAS-2023-416
Advisory Release Date: 2023-10-30 23:44 Pacific
Advisory Updated Date: 2023-11-03 22:39 Pacific

Severity: Important

References: CVE-2023-3961 CVE-2023-4091
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Samba is vulnerable to path traversal due to insufficient sanitization of clients incoming pipe names. This can lead to the client connecting to as root to a Unix domain socket outside of the Samba private directory. (CVE-2023-3961)

SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" (CVE-2023-4091)

Affected Packages:

samba

Issue Correction:
Run dnf update samba --releasever 2023.2.20231030 to update your system.

New Packages:

aarch64:
    libnetapi-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    libnetapi-4.17.12-1.amzn2023.0.1.aarch64
    samba-dcerpc-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-test-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-common-tools-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-winbind-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-libs-4.17.12-1.amzn2023.0.1.aarch64
    python3-samba-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-common-libs-4.17.12-1.amzn2023.0.1.aarch64
    samba-winbind-krb5-locator-4.17.12-1.amzn2023.0.1.aarch64
    samba-winbind-modules-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-devel-4.17.12-1.amzn2023.0.1.aarch64
    samba-winbind-clients-4.17.12-1.amzn2023.0.1.aarch64
    samba-vfs-iouring-4.17.12-1.amzn2023.0.1.aarch64
    python3-samba-dc-4.17.12-1.amzn2023.0.1.aarch64
    python3-samba-test-4.17.12-1.amzn2023.0.1.aarch64
    python3-samba-4.17.12-1.amzn2023.0.1.aarch64
    libsmbclient-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-client-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-winbind-modules-4.17.12-1.amzn2023.0.1.aarch64
    samba-debugsource-4.17.12-1.amzn2023.0.1.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-test-4.17.12-1.amzn2023.0.1.aarch64
    samba-client-libs-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-4.17.12-1.amzn2023.0.1.aarch64
    libsmbclient-4.17.12-1.amzn2023.0.1.aarch64
    samba-winbind-4.17.12-1.amzn2023.0.1.aarch64
    libwbclient-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-common-tools-4.17.12-1.amzn2023.0.1.aarch64
    samba-test-libs-4.17.12-1.amzn2023.0.1.aarch64
    samba-ldb-ldap-modules-4.17.12-1.amzn2023.0.1.aarch64
    samba-common-libs-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-libs-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-dc-libs-4.17.12-1.amzn2023.0.1.aarch64
    libsmbclient-devel-4.17.12-1.amzn2023.0.1.aarch64
    samba-winbind-clients-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-dcerpc-4.17.12-1.amzn2023.0.1.aarch64
    libwbclient-4.17.12-1.amzn2023.0.1.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-client-4.17.12-1.amzn2023.0.1.aarch64
    samba-krb5-printing-4.17.12-1.amzn2023.0.1.aarch64
    samba-client-libs-4.17.12-1.amzn2023.0.1.aarch64
    samba-test-libs-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-dc-libs-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    python3-samba-dc-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    libnetapi-devel-4.17.12-1.amzn2023.0.1.aarch64
    samba-vfs-iouring-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    libwbclient-devel-4.17.12-1.amzn2023.0.1.aarch64
    samba-krb5-printing-debuginfo-4.17.12-1.amzn2023.0.1.aarch64
    samba-tools-4.17.12-1.amzn2023.0.1.aarch64
    python3-samba-devel-4.17.12-1.amzn2023.0.1.aarch64
    samba-usershares-4.17.12-1.amzn2023.0.1.aarch64

noarch:
    samba-common-4.17.12-1.amzn2023.0.1.noarch
    samba-pidl-4.17.12-1.amzn2023.0.1.noarch

src:
    samba-4.17.12-1.amzn2023.0.1.src

x86_64:
    samba-client-libs-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-libs-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-dcerpc-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    python3-samba-test-4.17.12-1.amzn2023.0.1.x86_64
    python3-samba-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-client-4.17.12-1.amzn2023.0.1.x86_64
    libsmbclient-4.17.12-1.amzn2023.0.1.x86_64
    samba-devel-4.17.12-1.amzn2023.0.1.x86_64
    samba-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    libsmbclient-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    python3-samba-dc-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-winbind-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    python3-samba-dc-4.17.12-1.amzn2023.0.1.x86_64
    libwbclient-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-winbind-clients-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    libnetapi-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-client-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-debugsource-4.17.12-1.amzn2023.0.1.x86_64
    samba-common-libs-4.17.12-1.amzn2023.0.1.x86_64
    samba-test-libs-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-common-tools-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-test-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-winbind-modules-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-common-libs-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    python3-samba-4.17.12-1.amzn2023.0.1.x86_64
    samba-common-tools-4.17.12-1.amzn2023.0.1.x86_64
    samba-winbind-clients-4.17.12-1.amzn2023.0.1.x86_64
    samba-test-4.17.12-1.amzn2023.0.1.x86_64
    samba-libs-4.17.12-1.amzn2023.0.1.x86_64
    samba-dcerpc-4.17.12-1.amzn2023.0.1.x86_64
    libnetapi-4.17.12-1.amzn2023.0.1.x86_64
    samba-winbind-4.17.12-1.amzn2023.0.1.x86_64
    samba-4.17.12-1.amzn2023.0.1.x86_64
    samba-client-libs-4.17.12-1.amzn2023.0.1.x86_64
    libsmbclient-devel-4.17.12-1.amzn2023.0.1.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-winbind-modules-4.17.12-1.amzn2023.0.1.x86_64
    samba-test-libs-4.17.12-1.amzn2023.0.1.x86_64
    samba-dc-libs-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    libnetapi-devel-4.17.12-1.amzn2023.0.1.x86_64
    samba-vfs-iouring-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    libwbclient-4.17.12-1.amzn2023.0.1.x86_64
    libwbclient-devel-4.17.12-1.amzn2023.0.1.x86_64
    samba-dc-libs-4.17.12-1.amzn2023.0.1.x86_64
    samba-ldb-ldap-modules-4.17.12-1.amzn2023.0.1.x86_64
    samba-winbind-krb5-locator-4.17.12-1.amzn2023.0.1.x86_64
    samba-vfs-iouring-4.17.12-1.amzn2023.0.1.x86_64
    samba-krb5-printing-debuginfo-4.17.12-1.amzn2023.0.1.x86_64
    samba-krb5-printing-4.17.12-1.amzn2023.0.1.x86_64
    samba-tools-4.17.12-1.amzn2023.0.1.x86_64
    python3-samba-devel-4.17.12-1.amzn2023.0.1.x86_64
    samba-usershares-4.17.12-1.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2023-3961, CVE-2023-4091

Mitre: CVE-2023-3961, CVE-2023-4091

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-416

Additional References