                          * * * READ ME * * *
                * * * Veritas Access 7.3.0.001 * * *
                      * * * SAMBA Patch 1 * * *
                         Patch Date: 2017-08-16


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLING THE PATCH
   * REMOVING THE PATCH
   * SPECIAL INSTRUCTIONS


PATCH NAME
----------
Veritas Access 7.3 Patch 1 for SAMBA 4.6.6


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
RHEL6 update 7 and update 8 x86-64


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * Veritas Access 7.3 GA


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: 7.3.0.001
* 3927755 (3927758) Samba version upgrade to 4.6.6


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: 7.3.0.001

* 3927755 (Tracking ID: 3927758)

SYMPTOM:
The existing Samba version (4.5.1) in Veritas Access has reported security
vulnerabilities.

DESCRIPTION:
The following vulnerabilities are reported against version 4.5.1:
   * CVE-2017-9461
   * CVE-2017-7494
The Samba community released an updated version of Samba to address these
vulnerabilities.

RESOLUTION:
The Samba version has been upgraded to 4.6.6 and tested with Veritas Access.


INSTALLING THE PATCH
--------------------
1) Log in as root on an Access cluster node.
2) Download the patch from sort.veritas.com.
3) Verify the md5sum for each rpm (the md5sums are given in the SPECIAL
   INSTRUCTIONS section below).
4) Log in to the Access CLISH and go to the CIFS module:
   # su - master
   >cifs
   CIFS>
5) Stop the CIFS server using the CLISH commands:
   CIFS>server stop
   CIFS>server status
   - The server status should be reported as OFFLINE
   CIFS>logout
6) Unpack the Samba patch using the following command:
   # tar -zxvf access-rhel6_x86_64-4.6.6samba.tar.gz
7) Upgrade the Samba rpms using the following command:
   # rpm -Uvh rpms/*.rpm
8) Repeat steps 6 to 7 on all nodes in the Access cluster.
9) Remove the "nt_pipe_support='no'" option from the
   '/opt/VRTSnas/conf/smbglobal.conf' file manually, or use the following
   command to remove it from all nodes:
   # onnode "all" sed -i "/nt_pipe_support='no'/d" /opt/VRTSnas/conf/smbglobal.conf
10) Start the CIFS server using the command:
   CIFS>server start
11) Optionally, if fresh nodes are added to an existing Access cluster, you
    need to repeat steps 1 to 10 on that node.


REMOVING THE PATCH
------------------
NONE


SPECIAL INSTRUCTIONS
--------------------
The following are the md5sums for the rpms.

MD5SUM
=======
46844b09267c837810f0ade172af8f88 ctdb-4.6.6-1.el6.x86_64.rpm
1f686c970c3104a39d583e773932a3da libsmbclient-4.6.6-1.el6.x86_64.rpm
5b80420d018268ec03a58b87216d4b15 libwbclient-4.6.6-1.el6.x86_64.rpm
a874ae145486acd8c50559b7c79d932d perl-Convert-ASN1-0.22-1.el6.rfx.noarch.rpm
b72eaf88086b31e5cd7b288910b4de10 samba-4.6.6-1.el6.x86_64.rpm
4fee02a63f16a4674527c04dba08e252 samba-client-4.6.6-1.el6.x86_64.rpm
0e91b737f4f6149fae3056b1bbe06cb4 samba-client-libs-4.6.6-1.el6.x86_64.rpm
85fd3bc83abd48b7eab9db7ef8cfbeaf samba-common-4.6.6-1.el6.x86_64.rpm
d6a39cd0bfb6c741d6a68b9c52534f82 samba-common-libs-4.6.6-1.el6.x86_64.rpm
d98554a9adea74e0e4fa370d87baee29 samba-krb5-printing-4.6.6-1.el6.x86_64.rpm
a05d0fc0be4cfab70a167b1fe7c404eb samba-libs-4.6.6-1.el6.x86_64.rpm
188a5aeafe73961c757a03a40fd0400d samba-winbind-4.6.6-1.el6.x86_64.rpm
be4f5ffbafb6f23eddc990ff1ca580c6 samba-winbind-clients-4.6.6-1.el6.x86_64.rpm
5543f89803f16fae697d8d542f652d02 samba-winbind-krb5-locator-4.6.6-1.el6.x86_64.rpm
ba7234a920521250d94317b4714892c6 samba-winbind-modules-4.6.6-1.el6.x86_64.rpm


OTHERS
------
NONE
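
Added example (not part of the Veritas README): one way to carry out step 3 so that it also covers what the glob in step 7 will install. It fails on a digest mismatch, on a listed rpm that is missing, and on any *.rpm in the directory that the list does not name. The function name and the manifest file (the MD5SUM list above saved one "digest filename" pair per line, for example as md5.txt) are assumptions; md5sum and awk are the standard tools.

```shell
#!/bin/sh
# verify_rpms MANIFEST DIR
# Returns 0 only if every file named in MANIFEST exists in DIR with the listed
# MD5 digest AND DIR contains no *.rpm that MANIFEST does not name.
# Hypothetical usage: verify_rpms md5.txt rpms && rpm -Uvh rpms/*.rpm
verify_rpms() {
    manifest=$1 dir=$2 rc=0
    [ -r "$manifest" ] && [ -d "$dir" ] || {
        echo "usage: verify_rpms MANIFEST DIR" >&2
        return 2
    }

    # Pass 1: every manifest entry must be present and match its digest.
    while read -r want name; do
        [ -n "$want" ] || continue              # skip blank lines
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "MISSING   $name"; rc=1
            continue
        fi
        got=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH  $name"; rc=1
        fi
    done < "$manifest"

    # Pass 2: "rpm -Uvh rpms/*.rpm" installs everything the glob matches,
    # so a package that is not in the manifest is treated as a failure too.
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue                 # glob matched nothing
        name=${f##*/}
        if ! awk -v n="$name" '$2 == n { found = 1 } END { exit !found }' "$manifest"; then
            echo "UNLISTED  $name"; rc=1
        fi
    done
    return $rc
}
```

Run it on each node after step 6 and before step 7, since the archive is unpacked separately on every node.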