Synopsis: Moderate: samba4 security update Advisory ID: SLSA-2017:2791-1 Issue Date: 2017-09-21 CVE Numbers: CVE-2017-12150 CVE-2017-12163 -- Security Fix(es): * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man- in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163) -- SL6 x86_64 samba4-4.2.10-11.el6_9.x86_64.rpm samba4-client-4.2.10-11.el6_9.x86_64.rpm samba4-common-4.2.10-11.el6_9.x86_64.rpm samba4-dc-4.2.10-11.el6_9.x86_64.rpm samba4-dc-libs-4.2.10-11.el6_9.x86_64.rpm samba4-debuginfo-4.2.10-11.el6_9.x86_64.rpm samba4-devel-4.2.10-11.el6_9.x86_64.rpm samba4-libs-4.2.10-11.el6_9.x86_64.rpm samba4-pidl-4.2.10-11.el6_9.x86_64.rpm samba4-python-4.2.10-11.el6_9.x86_64.rpm samba4-test-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-clients-4.2.10-11.el6_9.x86_64.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.x86_64.rpm i386 samba4-4.2.10-11.el6_9.i686.rpm samba4-client-4.2.10-11.el6_9.i686.rpm samba4-common-4.2.10-11.el6_9.i686.rpm samba4-dc-4.2.10-11.el6_9.i686.rpm samba4-dc-libs-4.2.10-11.el6_9.i686.rpm samba4-debuginfo-4.2.10-11.el6_9.i686.rpm samba4-devel-4.2.10-11.el6_9.i686.rpm samba4-libs-4.2.10-11.el6_9.i686.rpm samba4-pidl-4.2.10-11.el6_9.i686.rpm samba4-python-4.2.10-11.el6_9.i686.rpm samba4-test-4.2.10-11.el6_9.i686.rpm samba4-winbind-4.2.10-11.el6_9.i686.rpm samba4-winbind-clients-4.2.10-11.el6_9.i686.rpm samba4-winbind-krb5-locator-4.2.10-11.el6_9.i686.rpm - Scientific Linux Development Team