Amazon Linux 1 Security Advisory: ALAS-2016-634
Advisory Release Date: 2016-01-18 11:00 Pacific
Advisory Updated Date: 2016-01-18 11:00 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path.
A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.
A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text.
Affected Packages:
samba
Issue Correction:
Run yum update samba to update your system.
i686:
samba-devel-4.2.3-11.28.amzn1.i686
libsmbclient-devel-4.2.3-11.28.amzn1.i686
samba-winbind-modules-4.2.3-11.28.amzn1.i686
ctdb-tests-4.2.3-11.28.amzn1.i686
samba-client-4.2.3-11.28.amzn1.i686
samba-debuginfo-4.2.3-11.28.amzn1.i686
samba-libs-4.2.3-11.28.amzn1.i686
samba-winbind-4.2.3-11.28.amzn1.i686
samba-test-4.2.3-11.28.amzn1.i686
samba-client-libs-4.2.3-11.28.amzn1.i686
samba-common-libs-4.2.3-11.28.amzn1.i686
libwbclient-devel-4.2.3-11.28.amzn1.i686
ctdb-4.2.3-11.28.amzn1.i686
samba-test-libs-4.2.3-11.28.amzn1.i686
samba-test-devel-4.2.3-11.28.amzn1.i686
samba-winbind-krb5-locator-4.2.3-11.28.amzn1.i686
samba-4.2.3-11.28.amzn1.i686
samba-common-tools-4.2.3-11.28.amzn1.i686
samba-winbind-clients-4.2.3-11.28.amzn1.i686
libsmbclient-4.2.3-11.28.amzn1.i686
samba-python-4.2.3-11.28.amzn1.i686
libwbclient-4.2.3-11.28.amzn1.i686
ctdb-devel-4.2.3-11.28.amzn1.i686
noarch:
samba-pidl-4.2.3-11.28.amzn1.noarch
samba-common-4.2.3-11.28.amzn1.noarch
src:
samba-4.2.3-11.28.amzn1.src
x86_64:
samba-libs-4.2.3-11.28.amzn1.x86_64
libsmbclient-4.2.3-11.28.amzn1.x86_64
samba-winbind-4.2.3-11.28.amzn1.x86_64
samba-test-libs-4.2.3-11.28.amzn1.x86_64
samba-common-libs-4.2.3-11.28.amzn1.x86_64
samba-4.2.3-11.28.amzn1.x86_64
samba-debuginfo-4.2.3-11.28.amzn1.x86_64
samba-devel-4.2.3-11.28.amzn1.x86_64
ctdb-devel-4.2.3-11.28.amzn1.x86_64
samba-winbind-modules-4.2.3-11.28.amzn1.x86_64
samba-client-4.2.3-11.28.amzn1.x86_64
ctdb-tests-4.2.3-11.28.amzn1.x86_64
samba-common-tools-4.2.3-11.28.amzn1.x86_64
ctdb-4.2.3-11.28.amzn1.x86_64
samba-python-4.2.3-11.28.amzn1.x86_64
samba-winbind-krb5-locator-4.2.3-11.28.amzn1.x86_64
samba-test-devel-4.2.3-11.28.amzn1.x86_64
samba-winbind-clients-4.2.3-11.28.amzn1.x86_64
samba-client-libs-4.2.3-11.28.amzn1.x86_64
libsmbclient-devel-4.2.3-11.28.amzn1.x86_64
samba-test-4.2.3-11.28.amzn1.x86_64
libwbclient-devel-4.2.3-11.28.amzn1.x86_64
libwbclient-4.2.3-11.28.amzn1.x86_64