Samba vulnerabilities and upgrading/question

[xpac]

So I have a Centos 6 box that I'm using for testing before I try this on production servers.

The issue, all the Centos 6.x server are running Samba 3.x. Latest vulnerabilities/warning/etc from this past week indicate that Samba needs to be patched, however the patches I found on the Samba site are for 4.x.

SO,

Am I correct in assuming Samba 3 is deprecated and all of these servers should be running Samba 4?

And if that is correct, how do I go about getting it to work? Meaning, I've uninstalled Samba 3 on my test instance, and installed Samba 4. I downloaded the latest cifs-utils rpm, only to get this error (for which I can't seem to find the dependency):

"error: Failed dependencies:
libwbclient.so.0()(64bit) is needed by cifs-utils-4.8.1-20.el6.x86_64"

Any suggestions? And or corrections to my assumption

[TrevorH]

No, your assumption is incorrect. All packages shipped by CentOS and RHEL are covered by the Redhat backporting policies https://access.redhat.com/security/updates/backporting

The samba vulnerabilities are all fixed in the packages in the updates repo. Just run yum update and you should get the updates if you haven't already got them. After updating then rpm -q --changelog samba | less should show you the changelog for the package and you should see something like

Code: Select all

* Thu May 18 2017 Andreas Schneider <asn@redhat.com> - 3.6.24-43
- resolves: #1450782 - Fix CVE-2017-7494

[xpac]

Awesome, many thanks!