I might have an answer for this, but I thought I would post. I wanted to check to see if my Samba version was patched for CVE-2017-7494.
My installed version was Samba version 4.4.4 (I don't know the release; I had only checked smbstatus and not yum info samba at that point).
I upgraded via yum to Samba version 4.4.4-14.el7_3 and, being newer to patching, I wanted to make sure I was protected.
Samba's site https://www.samba.org/samba/history/security.html said the patch was released in 4.4.13. I was still a bit concerned as I saw 4.4.4 in samba info/smbstatus still.
However, I ran across two sites that helped get me some answers.
The link below said that for CentOS/RHEL 7, it is fixed in samba-4.4.4-14.el7_3:
https://www.tecmint.com/fix-sambacry-vu ... -in-linux/
and this post from the forums
viewtopic.php?f=17&t=62714&hilit=samba+CVE+2017+7494
showed me how to use this command:
rpm -q --changelog samba | grep -i cve
- resolves: #1450784 - Security fix for CVE-2017-7494
Is the difference in version numbers due to how CentOS packages Samba vs. source Samba? I was just thinking about how to continue in the future looking to see if I'm patched based on release numbers.
Thanks for any help.
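
Added example (not part of the original post): a small shell helper that goes one step beyond the grep above and reports which package release the changelog credits with a given CVE fix, so it can be compared against the installed release. The function names and the sample changelog are constructed for illustration; it assumes each changelog entry header ends in the version-release string.

```shell
#!/bin/sh
# Read `rpm -q --changelog <pkg>` text on stdin and print the version-release
# of the oldest changelog entry that mentions the CVE (entries are listed
# newest first, so the last match is the release that introduced the fix).
# Exit status: 0 if the CVE is mentioned, 1 if not.
cve_fixed_in() {
    awk -v cve="$1" '
        BEGIN { want = tolower(cve) }
        # Entry header: "* Day Mon DD YYYY Packager <mail> - version-release"
        /^\* / { rel = ($NF ~ /^[0-9]/) ? $NF : "unknown"; next }
        # Body line: case-insensitive match, like grep -i
        index(tolower($0), want) { fixed = rel }
        END { if (fixed != "") { print fixed; exit 0 } exit 1 }
    '
}

# Live use on an RPM-based host (hypothetical wrapper name):
#   check_pkg samba CVE-2017-7494
check_pkg() {
    rpm -q --changelog "$1" | cve_fixed_in "$2"
}

# Constructed sample changelog; only the CVE line is taken from the post.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 03 2000 Example Packager <pkg@example.invalid> - 4.4.4-15
- resolves: #0000002 - Constructed later entry

* Sun Jan 02 2000 Example Packager <pkg@example.invalid> - 4.4.4-14
- resolves: #1450784 - Security fix for CVE-2017-7494

* Sat Jan 01 2000 Example Packager <pkg@example.invalid> - 4.4.4-13
- resolves: #0000001 - Constructed earlier entry
EOF
}

sample_changelog | cve_fixed_in CVE-2017-7494   # prints 4.4.4-14
```

Compare the printed release with the output of `rpm -q samba`: if the installed release is the same or newer, the backported fix is included even though the upstream version number has not changed.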