ALAS-2021-1469


Amazon Linux AMI Security Advisory: ALAS-2021-1469
Advisory Release Date: 2021-01-12 22:51 Pacific
Advisory Updated Date: 2021-01-13 18:21 Pacific
Severity: Critical

Issue Overview:

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318 )

A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14323 )

A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator
privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472 )


Affected Packages:

samba


Issue Correction:
Run yum update samba to update your system.

New Packages:
i686:
    samba-client-4.10.16-9.56.amzn1.i686
    samba-libs-4.10.16-9.56.amzn1.i686
    samba-common-libs-4.10.16-9.56.amzn1.i686
    ctdb-4.10.16-9.56.amzn1.i686
    libwbclient-4.10.16-9.56.amzn1.i686
    samba-client-libs-4.10.16-9.56.amzn1.i686
    samba-debuginfo-4.10.16-9.56.amzn1.i686
    libsmbclient-devel-4.10.16-9.56.amzn1.i686
    samba-winbind-modules-4.10.16-9.56.amzn1.i686
    samba-python-test-4.10.16-9.56.amzn1.i686
    samba-krb5-printing-4.10.16-9.56.amzn1.i686
    samba-devel-4.10.16-9.56.amzn1.i686
    libsmbclient-4.10.16-9.56.amzn1.i686
    samba-python-4.10.16-9.56.amzn1.i686
    samba-4.10.16-9.56.amzn1.i686
    samba-winbind-4.10.16-9.56.amzn1.i686
    samba-test-libs-4.10.16-9.56.amzn1.i686
    samba-common-tools-4.10.16-9.56.amzn1.i686
    libwbclient-devel-4.10.16-9.56.amzn1.i686
    samba-winbind-clients-4.10.16-9.56.amzn1.i686
    ctdb-tests-4.10.16-9.56.amzn1.i686
    samba-winbind-krb5-locator-4.10.16-9.56.amzn1.i686
    samba-test-4.10.16-9.56.amzn1.i686

noarch:
    samba-pidl-4.10.16-9.56.amzn1.noarch
    samba-common-4.10.16-9.56.amzn1.noarch

src:
    samba-4.10.16-9.56.amzn1.src

x86_64:
    samba-winbind-modules-4.10.16-9.56.amzn1.x86_64
    libwbclient-devel-4.10.16-9.56.amzn1.x86_64
    samba-4.10.16-9.56.amzn1.x86_64
    samba-client-4.10.16-9.56.amzn1.x86_64
    samba-common-tools-4.10.16-9.56.amzn1.x86_64
    samba-client-libs-4.10.16-9.56.amzn1.x86_64
    libwbclient-4.10.16-9.56.amzn1.x86_64
    samba-test-4.10.16-9.56.amzn1.x86_64
    samba-python-4.10.16-9.56.amzn1.x86_64
    ctdb-4.10.16-9.56.amzn1.x86_64
    samba-winbind-clients-4.10.16-9.56.amzn1.x86_64
    samba-devel-4.10.16-9.56.amzn1.x86_64
    libsmbclient-4.10.16-9.56.amzn1.x86_64
    samba-krb5-printing-4.10.16-9.56.amzn1.x86_64
    samba-libs-4.10.16-9.56.amzn1.x86_64
    samba-winbind-4.10.16-9.56.amzn1.x86_64
    samba-test-libs-4.10.16-9.56.amzn1.x86_64
    samba-winbind-krb5-locator-4.10.16-9.56.amzn1.x86_64
    libsmbclient-devel-4.10.16-9.56.amzn1.x86_64
    samba-python-test-4.10.16-9.56.amzn1.x86_64
    samba-debuginfo-4.10.16-9.56.amzn1.x86_64
    samba-common-libs-4.10.16-9.56.amzn1.x86_64
    ctdb-tests-4.10.16-9.56.amzn1.x86_64