Updated: 2022-06-10 11:36:38.058881
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.
|CVSS Version 2.x||NONE||0|
|CVSS Version 3.x||MEDIUM||5.9|
|OS name||Project name||Version||Status||Errata||Last updated|
|CentOS 8.4 ELS||samba||4.13.3-5||Ignored||2022-06-10 11:36:38.10732|
|CentOS 8.5 ELS||samba||4.14.5-7||Ignored||2022-06-10 11:36:38.045747|
It is impossible to backport security patches to samba versions prior to 4.15.0. The fix of vulnerability requires a massive rewrite of a projects's internal code. Upgrading package is not reasonable due to medium severity of vulnerability. For more details check out an article about fixing samba: https://lwn.net/Articles/884052/