Lucene search
AlmaLinuxALSA-2021:1647HistoryMay 18, 2021 - 5:44 a.m.
Moderate: samba security, bug fix, and enhancement update
2021-05-1805:44:25
errata.almalinux.org
52
0.451 Medium
EPSS
Percentile
97.4%
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
The following packages have been upgraded to a later upstream version: samba (4.13.3). (BZ#1878109)
Security Fix(es):
-
samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)
-
samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)
-
samba: Unprivileged user can crash winbind (CVE-2020-14323)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | i686 | openchange | < 2.3-27.el8 | openchange-2.3-27.el8.i686.rpm |
| almalinux | 8 | x86_64 | openchange | < 2.3-27.el8 | openchange-2.3-27.el8.x86_64.rpm |
| almalinux | 8 | i686 | libwbclient-devel | < 4.13.3-3.el8 | libwbclient-devel-4.13.3-3.el8.i686.rpm |
| almalinux | 8 | i686 | libsmbclient-devel | < 4.13.3-3.el8 | libsmbclient-devel-4.13.3-3.el8.i686.rpm |
| almalinux | 8 | i686 | samba-devel | < 4.13.3-3.el8 | samba-devel-4.13.3-3.el8.i686.rpm |
| almalinux | 8 | x86_64 | samba-devel | < 4.13.3-3.el8 | samba-devel-4.13.3-3.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | libwbclient-devel | < 4.13.3-3.el8 | libwbclient-devel-4.13.3-3.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | libsmbclient-devel | < 4.13.3-3.el8 | libsmbclient-devel-4.13.3-3.el8.x86_64.rpm |
Related
f5
f5
K93951507 : Multiple Samba vulnerabilities
2021-04-06 00:00:00
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2021-1050)
2021-01-05 00:00:00
RHEL 8 : samba (RHSA-2021:1647)
2021-05-19 00:00:00
CentOS 8 : samba (CESA-2021:1647)
2021-05-19 00:00:00
osv
osv
Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
samba vulnerabilities
2020-11-02 13:56:36
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2021-05-25 00:00:00
samba security and bug fix update
2020-12-16 00:00:00
amazon
amazon
Critical: samba
2021-06-16 20:36:00
Critical: samba
2021-01-12 22:51:00
Critical: samba
2021-01-05 23:34:00
openvas
openvas
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1050)
2021-01-08 00:00:00
CentOS: Security Advisory for ctdb (CESA-2020:5439)
2020-12-18 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1118)
2021-01-19 00:00:00
rocky
rocky
samba security, bug fix, and enhancement update
2021-05-18 05:44:25
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2020-12-18 00:19:11
redhat
redhat
(RHSA-2021:1647) Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
(RHSA-2020:5439) Moderate: samba security and bug fix update
2020-12-15 09:01:31
(RHSA-2021:3723) Moderate: samba security, bug fix and enhancement update
2021-10-05 04:55:51
ibm
ibm
gentoo
gentoo
Samba: Multiple vulnerabilities
2020-12-24 00:00:00
freebsd
freebsd
samba -- Multiple Vulnerabilities
2020-10-29 00:00:00
samba -- Unauthenticated domain takeover via netlogon
2020-01-01 00:00:00
suse
suse
Security update for samba (important)
2020-11-02 00:00:00
Security update for samba (important)
2020-11-02 00:00:00
Security update for samba (important)
2020-09-25 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: samba-4.13.1-0.fc33
2020-11-03 01:01:17
[SECURITY] Fedora 32 Update: samba-4.12.10-0.fc32
2020-11-10 01:29:57
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.12.9-alt1
2020-10-29 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2020-11-02 00:00:00
Samba vulnerabilities
2021-05-03 00:00:00
Samba vulnerability
2020-09-17 00:00:00
mageia
mageia
Updated samba packages fix security vulnerabilities
2020-11-10 18:20:00
alpinelinux
alpinelinux
CVE-2020-14323
2020-10-29 20:15:00
CVE-2020-14318
2020-12-03 16:15:00
redhatcve
redhatcve
CVE-2020-14323
2020-10-29 11:29:25
CVE-2020-14318
2020-10-29 11:29:24
cbl_mariner
cbl_mariner
CVE-2020-14323 affecting package samba 4.12.5-6
2024-05-19 09:07:22
CVE-2020-14318 affecting package samba 4.12.5-6
2024-05-19 09:07:22
samba
samba
Unprivileged user can crash winbind
2020-10-29 00:00:00
Missing handle permissions check in SMB1/2/3
2020-10-29 00:00:00
Unauthenticated domain takeover via netlogon ("ZeroLogon")
2020-09-18 00:00:00
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS)
2020-11-09 05:13:27
Information Disclosure
2020-11-09 05:13:20
Privilege Escalation
2020-10-08 13:45:57
prion
prion
Null pointer dereference
2020-10-29 20:15:00
Design/Logic Flaw
2020-12-03 16:15:00
cvelist
cvelist
CVE-2020-14323
2020-10-29 00:00:00
CVE-2020-14318
2020-12-03 00:00:00
debiancve
debiancve
cve
cve
debian
debian
[SECURITY] [DLA 2463-1] samba security update
2020-11-23 03:19:15
carbonblack
carbonblack
Risk Score 101: What to look for in a Risk Score
2020-11-19 18:20:13
githubexploit
githubexploit
Exploit for Use of Insufficiently Random Values in Microsoft
2020-09-14 16:57:49
Exploit for Use of Insufficiently Random Values in Microsoft
2020-09-16 14:25:54
Exploit for Use of Insufficiently Random Values in Microsoft
2020-09-16 09:54:09
threatpost
threatpost
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
2020-10-19 16:36:00
Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'
2021-01-15 21:47:20
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
2020-11-19 14:34:36
cisa
cisa
Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472
2020-09-14 00:00:00
Microsoft Warns of Continued Exploitation of CVE-2020-1472
2020-10-29 00:00:00
malwarebytes
malwarebytes
The story of ZeroLogon
2021-01-19 18:37:09
securelist
securelist
The future of cyberconflicts
2020-12-18 10:00:10
qualysblog
qualysblog
msrc
msrc
Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472
2021-01-14 08:00:00
Attacks exploiting Netlogon vulnerability (CVE-2020-1472)
2020-10-29 20:02:19
Attacks exploiting Netlogon vulnerability (CVE-2020-1472)
2020-10-29 07:00:00
cert
cert
attackerkb
attackerkb
CVE-2020-1472
2020-08-17 00:00:00
thn
thn
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
2020-09-23 18:08:00
archlinux
archlinux
[ASA-202009-17] samba: access restriction bypass
2020-09-29 00:00:00
huawei
huawei
Security Advisory - Netlogon Elevation of Privilege Vulnerability
2020-11-05 00:00:00
metasploit
metasploit
Netlogon Weak Cryptographic Authentication
2020-09-17 18:28:53
checkpoint_advisories
checkpoint_advisories
Microsoft Netlogon Elevation of Privilege (CVE-2020-1472)
2020-09-21 00:00:00
hivepro
hivepro
Attacks, Vulnerabilities and Actors 19 June to 25 June 2023
2023-06-27 11:07:09
fireeye
fireeye
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
2020-10-28 00:00:00