I am running centos 6.9 with a writable samba share. I am running yum updates and everything is current. Has thes (CVE-2017-7494) vulnerability been patched? How can I tell?
I currently have Samba version 3.6.23-43.el6_9.
SambaCry vulnerability (CVE-2017-7494)
Re: SambaCry vulnerability (CVE-2017-7494)
Check it:
# rpm -q --changelog samba | grep -i cve
# rpm -q --changelog samba | grep -i cve
Re: SambaCry vulnerability (CVE-2017-7494)
Code: Select all
* Thu May 18 2017 Andreas Schneider <asn@redhat.com> - 3.6.24-43
- resolves: #1450782 - Fix CVE-2017-7494
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: SambaCry vulnerability (CVE-2017-7494)
@ mghe I ran command and got the output of changes. This is great .
@ TrevorH How do you find the date the patch was released?
@ TrevorH How do you find the date the patch was released?
Re: SambaCry vulnerability (CVE-2017-7494)
If you have the fixed version installed then rpm -qi samba shows you build and install dates. If you don't have it installed then you either have to browse one of the mirrors with a web browser or use the centos-announce mailing list archives to see when the mails came out. You can subscribe to centos-announce and get mails about all released packages (once subscribed you can login and select which versions/architectures you want to receive mails for). The mails also have a link to the Redhat errata page for that package and those have a brief description of what's fixed and why.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke