ALAS-2017-834


Amazon Linux AMI Security Advisory: ALAS-2017-834
Advisory Release Date: 2017-05-31 21:43 Pacific
Severity: Important

Issue Overview:

A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw to
execute arbitrary code as root. (CVE-2017-7494 )

It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125 )

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126 )

A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619 )


Affected Packages:

samba


Issue Correction:
Run yum update samba to update your system.

New Packages:
i686:
    samba-test-libs-4.4.4-13.35.amzn1.i686
    ctdb-4.4.4-13.35.amzn1.i686
    samba-krb5-printing-4.4.4-13.35.amzn1.i686
    samba-winbind-4.4.4-13.35.amzn1.i686
    libsmbclient-4.4.4-13.35.amzn1.i686
    samba-winbind-clients-4.4.4-13.35.amzn1.i686
    samba-test-4.4.4-13.35.amzn1.i686
    samba-4.4.4-13.35.amzn1.i686
    samba-winbind-krb5-locator-4.4.4-13.35.amzn1.i686
    libsmbclient-devel-4.4.4-13.35.amzn1.i686
    samba-winbind-modules-4.4.4-13.35.amzn1.i686
    samba-python-4.4.4-13.35.amzn1.i686
    samba-client-4.4.4-13.35.amzn1.i686
    samba-common-libs-4.4.4-13.35.amzn1.i686
    samba-libs-4.4.4-13.35.amzn1.i686
    samba-common-tools-4.4.4-13.35.amzn1.i686
    libwbclient-devel-4.4.4-13.35.amzn1.i686
    ctdb-tests-4.4.4-13.35.amzn1.i686
    samba-debuginfo-4.4.4-13.35.amzn1.i686
    libwbclient-4.4.4-13.35.amzn1.i686
    samba-devel-4.4.4-13.35.amzn1.i686
    samba-client-libs-4.4.4-13.35.amzn1.i686

noarch:
    samba-common-4.4.4-13.35.amzn1.noarch
    samba-pidl-4.4.4-13.35.amzn1.noarch

src:
    samba-4.4.4-13.35.amzn1.src

x86_64:
    samba-python-4.4.4-13.35.amzn1.x86_64
    libwbclient-devel-4.4.4-13.35.amzn1.x86_64
    samba-debuginfo-4.4.4-13.35.amzn1.x86_64
    ctdb-4.4.4-13.35.amzn1.x86_64
    ctdb-tests-4.4.4-13.35.amzn1.x86_64
    samba-client-4.4.4-13.35.amzn1.x86_64
    libwbclient-4.4.4-13.35.amzn1.x86_64
    samba-winbind-modules-4.4.4-13.35.amzn1.x86_64
    samba-test-4.4.4-13.35.amzn1.x86_64
    samba-winbind-clients-4.4.4-13.35.amzn1.x86_64
    libsmbclient-devel-4.4.4-13.35.amzn1.x86_64
    libsmbclient-4.4.4-13.35.amzn1.x86_64
    samba-krb5-printing-4.4.4-13.35.amzn1.x86_64
    samba-client-libs-4.4.4-13.35.amzn1.x86_64
    samba-common-tools-4.4.4-13.35.amzn1.x86_64
    samba-winbind-krb5-locator-4.4.4-13.35.amzn1.x86_64
    samba-libs-4.4.4-13.35.amzn1.x86_64
    samba-4.4.4-13.35.amzn1.x86_64
    samba-devel-4.4.4-13.35.amzn1.x86_64
    samba-common-libs-4.4.4-13.35.amzn1.x86_64
    samba-winbind-4.4.4-13.35.amzn1.x86_64
    samba-test-libs-4.4.4-13.35.amzn1.x86_64