Samba Patch
 

Hi

I am new to Linux and really need help.
Last week samba announced a security issue on versions 3.5 onwards.
https://www.samba.org/samba/security/CVE-2017-7494.html

Now I have multiple servers that are running on RHEL 6 which came out with Samba 3.6 and onwards.

I now need to apply a patch and I have no idea where to get this patch or how to apply it.

Firstly, I dont know if this patch will work on my version of samba (https://www.samba.org/samba/history/security.html)

Secondly, I have no idea how to create a RPM so that I can roll it out to my other servers as well.

Thirdly, is there not a way I can install samba 4.4.4-14 on my RHEL 6 servers?

Your help will be much appreciated

#1 If you have licensed copies of RHEL then you should always go to Red Hat first, that is what you are paying for.

#2 If you installed SAMBA from the Red Hat Network repos then the update should come in the security patches the next time you run "yum update". If you installed from sources and outside of the package management system, you have a split or broken system and have taken responsibility for maintaining SAMBA yourself. You should be able to download the new sources from the SAMBA site. Note that no one really recommends this for production systems, use YUM if you can.

#3 RHEL 7 has been out for a while, and runs a later version of SAMBA. You might consider updating your environment to RHEL 7. I do recommend care and caution: version 7 has some major changes.

Do you perhaps know when samba will release a new version so that I can update all my servers?

This is a useful site: https://www.samba.org/samba/history/

On 24 May, they released the source code for versions 4.6.4, 4.5.10 and 4.4.14 to address CVE-2017-7494.