SambaCry vulnerability (CVE-2017-7494)

waltman
Posts: 10
Joined: 2016/01/05 03:20:30

SambaCry vulnerability (CVE-2017-7494)

Post by waltman » 2017/05/27 09:35:50

I am running CentOS 6.9 with a writable Samba share. I am running yum updates and everything is current. Has this (CVE-2017-7494) vulnerability been patched? How can I tell?

I currently have Samba version 3.6.23-43.el6_9.

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: SambaCry vulnerability (CVE-2017-7494)

Post by mghe » 2017/05/27 12:20:01

Check it:

# rpm -q --changelog samba | grep -i cve

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SambaCry vulnerability (CVE-2017-7494)

Post by TrevorH » 2017/05/27 14:51:42

* Thu May 18 2017 Andreas Schneider <asn@redhat.com> - 3.6.24-43
- resolves: #1450782 - Fix CVE-2017-7494
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

waltman
Posts: 10
Joined: 2016/01/05 03:20:30

Re: SambaCry vulnerability (CVE-2017-7494)

Post by waltman » 2017/05/27 15:00:03

@mghe I ran the command and got the output of changes. This is great :D.

@TrevorH How do you find the date the patch was released?

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SambaCry vulnerability (CVE-2017-7494)

Post by TrevorH » 2017/05/27 16:26:04

If you have the fixed version installed then rpm -qi samba shows you build and install dates. If you don't have it installed then you either have to browse one of the mirrors with a web browser or use the centos-announce mailing list archives to see when the mails came out. You can subscribe to centos-announce and get mails about all released packages (once subscribed you can log in and select which versions/architectures you want to receive mails for). The mails also have a link to the Red Hat errata page for that package and those have a brief description of what's fixed and why.
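Added example, not written by any poster in this thread: a shell helper that turns the changelog check above into a yes/no answer and reports the date and version-release of the entry that records the fix. The function names `cve_fix_entry`, `installed_has_fix` and `sample_changelog` are hypothetical; the first sample entry is the one quoted in the thread, the second is constructed.

```shell
#!/usr/bin/env bash
# Reads `rpm -q --changelog <pkg>` text on stdin and prints
# "<entry date>|<version-release>|<matching line>" for the newest entry
# that mentions the CVE given as $1. Returns 1 when no entry mentions it.
cve_fix_entry() {
    awk -v cve="$1" '
        BEGIN { want = tolower(cve) "([^0-9]|$)" }   # reject longer IDs sharing the prefix
        # Entry header: "* Thu May 18 2017 Name <mail> - version-release"
        /^\* / { date = $2 " " $3 " " $4 " " $5; ver = $NF; next }
        tolower($0) ~ want {
            print date "|" ver "|" $0
            found = 1
            exit                                     # newest entry is listed first
        }
        END { exit found ? 0 : 1 }
    '
}

# Check the installed package. Its changelog only lists changes contained
# in the installed build, so a match means the fix is in what is running
# after the service has been restarted on the updated package.
installed_has_fix() {
    rpm -q --changelog "$1" | cve_fix_entry "$2"
}

# Sample input: first entry copied from the thread, second one constructed.
sample_changelog() {
    cat <<'EOF'
* Thu May 18 2017 Andreas Schneider <asn@redhat.com> - 3.6.24-43
- resolves: #1450782 - Fix CVE-2017-7494

* Mon Jan 01 2001 Example Packager <packager@example.com> - 0.0.0-1
- constructed entry: unrelated change, no CVE reference
EOF
}

# Demo on the embedded sample; on a real host use:
#   installed_has_fix samba CVE-2017-7494
sample_changelog | cve_fix_entry CVE-2017-7494
```

A non-zero exit status from `installed_has_fix` means the installed build's changelog does not mention the CVE, which also covers the case where the package is not installed.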
