An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various information.

* A remote code execution flaw was found in Samba. A malicious authenticated
Samba client with write access to a Samba share could use this flaw to
execute arbitrary code as root. (CVE-2017-7494)
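
To find which shares on a host meet the write-access precondition described above, the following added example (not part of the Red Hat advisory or of Samba) parses an smb.conf and lists every share that grants write access. It also reports whether `nt pipe support` is still enabled; setting it to `no` in `[global]` is the workaround from the upstream Samba advisory for this CVE, not from this page, and the sample configuration is constructed.

```python
import re

TRUE = {"yes", "true", "on", "1"}
WRITE_SYNONYMS = {"writeable", "writable", "writeok"}  # inverses of "read only"

# Constructed sample smb.conf for this example; not taken from a real host.
SAMPLE = """
[global]
    ; nt pipe support = no
[public]
    read only = yes
[uploads]
    writable = yes
[reports]
    write list = @finance
"""

def parse(text):
    """Return {section: {param: value}}; names lowercased, spaces in params removed."""
    conf, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            cur = conf.setdefault(header.group(1).strip().lower(), {})
        elif cur is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            key = key.replace(" ", "").lower()
            if key in WRITE_SYNONYMS:  # fold into "readonly" so the last setting wins
                key, val = "readonly", "no" if val.lower() in TRUE else "yes"
            cur[key] = val
    return conf

def audit(text):
    """Report shares that grant write access and whether named pipes are enabled."""
    conf = parse(text)
    glob = conf.get("global", {})
    writable = []
    for name, share in conf.items():
        if name == "global":
            continue
        eff = {**glob, **share}  # [global] supplies per-share defaults
        read_only = eff.get("readonly", "yes").lower() in TRUE  # Samba default: yes
        if not read_only or eff.get("writelist", "").strip():
            writable.append(name)
    pipes = glob.get("ntpipesupport", "yes").lower() in TRUE  # Samba default: yes
    return {"writable_shares": sorted(writable), "nt_pipe_support": pipes}

print(audit(SAMPLE))
```

The parser ignores `include` directives and backslash line continuations, so run it against the effective configuration (for example the output of `testparm -s`) on hosts that use them.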

Red Hat would like to thank the Samba project for reporting this issue. Upstream
acknowledges steelo as the original reporter.

1450347 – CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE