[Samba] CVE-2017-7494 patches

Rowland Penny rpenny at samba.org
Tue Jun 6 16:27:07 UTC 2017


On Tue, 6 Jun 2017 21:15:56 +0530
"Chunduru, Krishnachaithanya"
<Krishnachaithanya.Chunduru at broadridge.com> wrote:

> Hi Rowland,
> 
> Thanks for the update.
> 
> The setup we have has been unaltered for a long time. Now we are asked
> to install the patch for CVE-2017-7494; since we are not running the
> affected version, it's fine for now.
> 
> But can you please let me know what the vulnerabilities in 3.0.28 are
> and whether any patches are available for it. I will try to update it
> to the latest version on our dev servers first.
> 
> Moreover, we have the below version running; not sure if we still have
> the latest version available from the pware.
> 
> pware.samba-3.0.28.rte    3.0.28.0  COMMITTED  Samba 3.0.28
> 
> 

Is this on AIX?

Have a look here for vulnerabilities:

https://www.cvedetails.com/vulnerability-list/vendor_id-102/product_id-171/version_id-86928/Samba-Samba-3.0.28.html

There may or may not be patches available. As I said, the 3.0.x
versions went EOL nearly 8 years ago, but you seem to be suffering one
of the problems of running an enterprise OS: the packages never seem to
get updated unless patches are backported and, in most cases, this
will not be done by Samba for EOL versions.

Rowland
