Headline
Red Hat Security Advisory 2022-7056-01
Red Hat Security Advisory 2022-7056-01 - Red Hat Gluster Storage is a software-only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Issues addressed include an information leakage vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: samba security, bug fix and enhancement update
Advisory ID: RHSA-2022:7056-01
Product: Red Hat Gluster Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7056
Issue date: 2022-10-19
CVE Names: CVE-2022-32742
====================================================================
- Summary:
Updated samba packages that fix several bugs with added enhancements are
now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Gluster 3.5 Samba on RHEL-8 - noarch, x86_64
- Description:
Red Hat Gluster Storage is a software-only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.
Security Fix(es):
- samba: server memory information leak via SMB1 (CVE-2022-32742)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Users of samba with Red Hat Gluster Storage are advised to upgrade to these
updated packages.
- Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2108196 - CVE-2022-32742 samba: server memory information leak via SMB1
2111605 - Yum update for Samba will fail due to higher versions of Samba in RHEL 8.7
- Package List:
Red Hat Gluster 3.5 Samba on RHEL-8:
Source:
samba-4.16.5-100.el8rhgs.src.rpm
noarch:
samba-common-4.16.5-100.el8rhgs.noarch.rpm
samba-pidl-4.16.5-100.el8rhgs.noarch.rpm
x86_64:
ctdb-4.16.5-100.el8rhgs.x86_64.rpm
ctdb-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
libsmbclient-4.16.5-100.el8rhgs.x86_64.rpm
libsmbclient-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
libsmbclient-devel-4.16.5-100.el8rhgs.x86_64.rpm
libwbclient-4.16.5-100.el8rhgs.x86_64.rpm
libwbclient-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
libwbclient-devel-4.16.5-100.el8rhgs.x86_64.rpm
python3-samba-4.16.5-100.el8rhgs.x86_64.rpm
python3-samba-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-4.16.5-100.el8rhgs.x86_64.rpm
samba-client-4.16.5-100.el8rhgs.x86_64.rpm
samba-client-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-client-libs-4.16.5-100.el8rhgs.x86_64.rpm
samba-client-libs-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-common-libs-4.16.5-100.el8rhgs.x86_64.rpm
samba-common-libs-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-common-tools-4.16.5-100.el8rhgs.x86_64.rpm
samba-common-tools-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-debugsource-4.16.5-100.el8rhgs.x86_64.rpm
samba-devel-4.16.5-100.el8rhgs.x86_64.rpm
samba-krb5-printing-4.16.5-100.el8rhgs.x86_64.rpm
samba-krb5-printing-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-libs-4.16.5-100.el8rhgs.x86_64.rpm
samba-libs-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-test-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-test-libs-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-vfs-glusterfs-4.16.5-100.el8rhgs.x86_64.rpm
samba-vfs-glusterfs-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-vfs-iouring-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-winbind-4.16.5-100.el8rhgs.x86_64.rpm
samba-winbind-clients-4.16.5-100.el8rhgs.x86_64.rpm
samba-winbind-clients-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-winbind-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-winbind-krb5-locator-4.16.5-100.el8rhgs.x86_64.rpm
samba-winbind-krb5-locator-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-winbind-modules-4.16.5-100.el8rhgs.x86_64.rpm
samba-winbind-modules-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
samba-winexe-debuginfo-4.16.5-100.el8rhgs.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32742
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY1C5c9zjgjWX9erEAQhJ7g/+NZJ4OyshATxJdDZz6R8bh+hnWkff0eCe
4Q8lzatiRlMd87dVYffZoVYD9vdKW6t5sT6zIjvX/s9AyOROcpxgIcbfcDQU78hk
1+3u0V2xlBjGe0ejEOR16KrbLLkfJ4P6oFJ/uTOPUdRYsmAunDMU2GzxRA8sX5tj
qmahym+Laai7pD3pCF0Q+K+r3wb99pwzwlUIaeqsEwa0gGE5UXBrpbWn7OBmjoLO
cV55LatcAVaLkXclu00GBi279IVcqQupVGuMRkej4yVz2K9SCiyX/M5v1lXgq6fI
dl8kbF62YXSrs+Ch+YvZhbZT1EtY6hkU+PsDtCR242G8wGaiJ+IdNwIE8V3F07JV
otr4MivgMQHByJoExvMl1FbXQNA7FaXVAV3Sall+DjtapWVNCr0reusEiLSKvklJ
LoxfAHecg5z3qAoD53cZ2ubDywwYnNKtgS0Vn69mFkN5QhVfEzDMp6eyhNeFFBXc
/1ZtqDRERs2Nuhc2Nf1jRwDHE1TdQDkoUTnjnDWrV7cYXqs7oG1eR+/wq+vVhf5G
zpM1GtqKZz4WIIJROAmA/g3RXFo5uthMOMrkQCKo20lPzpX2j4HpIB++JNOcHViH
WHiYShSC2hD43NtZTRnyfANnxpnhy0VPqT8EOGNxGlsjAS6QMsOz9iw6LKfYu8m1
bW7uetaK3No=G/BL
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
An update for samba is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32742: samba: server memory information leak via SMB1
Red Hat Security Advisory 2022-7201-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.12. Issues addressed include a code execution vulnerability.
Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Red Hat Security Advisory 2022-7111-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include an information leakage vulnerability.
An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32742: samba: server memory information leak via SMB1
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
Ubuntu Security Notice 5542-1 - It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. Luke Howard discovered that Samba incorrectly handled certain restrictions associated with changing passwords. A remote attacker being requested to change passwords could possibly use this issue to escalate privileges.