Moderate: samba security, bug fix and enhancement update

Topic

Updated samba packages that fix several bugs with added enhancements are now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Gluster Storage is a software-only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.

Security Fix(es):

• samba: server memory information leak via SMB1 (CVE-2022-32742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Users of samba with Red Hat Gluster Storage are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Gluster Storage Server for On-premise 3 for RHEL 8 x86_64

Fixes

• BZ - 2108196 - CVE-2022-32742 samba: server memory information leak via SMB1
• BZ - 2111605 - Yum update for Samba will fail due to higher versions of Samba in RHEL 8.7

CVEs

• CVE-2022-32742

References

• https://access.redhat.com/security/updates/classification/#moderate