| Description: | Summary:
The remote host is missing an update for the 'ctdb'
package(s) announced via the CESA-2020:5439 advisory.
Vulnerability Insight:
Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.
Security Fix(es):
* samba: Netlogon elevation of privilege vulnerability (Zerologon)
(CVE-2020-1472)
* samba: Missing handle permissions check in SMB1/2/3 ChangeNotify
(CVE-2020-14318)
* samba: Unprivileged user can crash winbind (CVE-2020-14323)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* The 'require_membership_of' documentation in pam_winbind manpage is
incorrect (BZ#1853272)
* Malfunctioning %U substitution in valid users option (BZ#1868917)
* Regression: smbd and nmbd are restarted when samba-winbind package is
upgraded (BZ#1878205)
* winbindd memory leak on wbinfo -u with security=ADS (BZ#1892313)
Affected Software/OS:
'ctdb' package(s) on CentOS 7.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
