Polkit/Samba patch for 2.0.x release notes

This patch addresses the following Polkit and Samba vulnerabilities on Cloud Pak for Data System 2.0.x.

RHSA-2022:0265 Important/Sec. polkit-0.115-11.el8_2.2.x86_64
CVE-2021-4034  Important/Sec. polkit-0.115-11.el8_2.2.x86_64
classification Important/Sec. polkit-0.115-11.el8_2.2.x86_64
ref_0          Important/Sec. polkit-0.115-11.el8_2.2.x86_64
RHSA-2022:0265 Important/Sec. polkit-libs-0.115-11.el8_2.2.x86_64
CVE-2021-4034  Important/Sec. polkit-libs-0.115-11.el8_2.2.x86_64
classification Important/Sec. polkit-libs-0.115-11.el8_2.2.x86_64
ref_0          Important/Sec. polkit-libs-0.115-11.el8_2.2.x86_64
RHSA-2021:4866 Moderate/Sec.  samba-client-libs-4.11.2-15.el8_2.x86_64
CVE-2021-20254 Moderate/Sec.  samba-client-libs-4.11.2-15.el8_2.x86_64
classification Moderate/Sec.  samba-client-libs-4.11.2-15.el8_2.x86_64
RHSA-2022:0074 Important/Sec. samba-client-libs-4.11.2-18.el8_2.x86_64
CVE-2016-2124  Important/Sec. samba-client-libs-4.11.2-18.el8_2.x86_64
CVE-2020-25717 Important/Sec. samba-client-libs-4.11.2-18.el8_2.x86_64
classification Important/Sec. samba-client-libs-4.11.2-18.el8_2.x86_64
RHSA-2022:0330 Critical/Sec.  samba-client-libs-4.11.2-19.el8_2.x86_64
CVE-2021-44142 Critical/Sec.  samba-client-libs-4.11.2-19.el8_2.x86_64
classification Critical/Sec.  samba-client-libs-4.11.2-19.el8_2.x86_64
RHSA-2021:4866 Moderate/Sec.  samba-common-4.11.2-15.el8_2.noarch
CVE-2021-20254 Moderate/Sec.  samba-common-4.11.2-15.el8_2.noarch
classification Moderate/Sec.  samba-common-4.11.2-15.el8_2.noarch
RHSA-2022:0074 Important/Sec. samba-common-4.11.2-18.el8_2.noarch
CVE-2016-2124  Important/Sec. samba-common-4.11.2-18.el8_2.noarch
CVE-2020-25717 Important/Sec. samba-common-4.11.2-18.el8_2.noarch
classification Important/Sec. samba-common-4.11.2-18.el8_2.noarch
RHSA-2022:0330 Critical/Sec.  samba-common-4.11.2-19.el8_2.noarch
CVE-2021-44142 Critical/Sec.  samba-common-4.11.2-19.el8_2.noarch
classification Critical/Sec.  samba-common-4.11.2-19.el8_2.noarch
RHSA-2021:4866 Moderate/Sec.  samba-common-libs-4.11.2-15.el8_2.x86_64
CVE-2021-20254 Moderate/Sec.  samba-common-libs-4.11.2-15.el8_2.x86_64
classification Moderate/Sec.  samba-common-libs-4.11.2-15.el8_2.x86_64
RHSA-2022:0074 Important/Sec. samba-common-libs-4.11.2-18.el8_2.x86_64
CVE-2016-2124  Important/Sec. samba-common-libs-4.11.2-18.el8_2.x86_64
CVE-2020-25717 Important/Sec. samba-common-libs-4.11.2-18.el8_2.x86_64
classification Important/Sec. samba-common-libs-4.11.2-18.el8_2.x86_64
RHSA-2022:0330 Critical/Sec.  samba-common-libs-4.11.2-19.el8_2.x86_64
CVE-2021-44142 Critical/Sec.  samba-common-libs-4.11.2-19.el8_2.x86_64
classification Critical/Sec.  samba-common-libs-4.11.2-19.el8_2.x86_64
RHSA-2021:4866 Moderate/Sec.  libsmbclient-4.11.2-15.el8_2.x86_64
CVE-2021-20254 Moderate/Sec.  libsmbclient-4.11.2-15.el8_2.x86_64
classification Moderate/Sec.  libsmbclient-4.11.2-15.el8_2.x86_64
RHSA-2022:0074 Important/Sec. libsmbclient-4.11.2-18.el8_2.x86_64
CVE-2016-2124  Important/Sec. libsmbclient-4.11.2-18.el8_2.x86_64
CVE-2020-25717 Important/Sec. libsmbclient-4.11.2-18.el8_2.x86_64
classification Important/Sec. libsmbclient-4.11.2-18.el8_2.x86_64
RHSA-2022:0330 Critical/Sec.  libsmbclient-4.11.2-19.el8_2.x86_64
CVE-2021-44142 Critical/Sec.  libsmbclient-4.11.2-19.el8_2.x86_64
classification Critical/Sec.  libsmbclient-4.11.2-19.el8_2.x86_64
RHSA-2021:4866 Moderate/Sec.  libwbclient-4.11.2-15.el8_2.x86_64
CVE-2021-20254 Moderate/Sec.  libwbclient-4.11.2-15.el8_2.x86_64
classification Moderate/Sec.  libwbclient-4.11.2-15.el8_2.x86_64
RHSA-2022:0074 Important/Sec. libwbclient-4.11.2-18.el8_2.x86_64
CVE-2016-2124  Important/Sec. libwbclient-4.11.2-18.el8_2.x86_64
CVE-2020-25717 Important/Sec. libwbclient-4.11.2-18.el8_2.x86_64
classification Important/Sec. libwbclient-4.11.2-18.el8_2.x86_64
RHSA-2022:0330 Critical/Sec.  libwbclient-4.11.2-19.el8_2.x86_64
CVE-2021-44142 Critical/Sec.  libwbclient-4.11.2-19.el8_2.x86_64
classification Critical/Sec.  libwbclient-4.11.2-19.el8_2.x86_64

Before you begin

  • The process takes about one minute to complete.
  • No downtime is required for this upgrade.

Procedure

  1. Download 2.0.0.0.polkit_samba_package-WS-ICPDS-fpXXX from FixCentral and copy it to the /tmp directory on e1n1.
  2. Change directory:
    cd /tmp
  3. Run:
    tar xvf 2.0.0.0.polkit_samba_package-WS-ICPDS-fpXXX.tar.gz
        polkit/
    polkit/polkit-0.115-11.el8_2.2.x86_64.rpm
    polkit/polkit_samba_package_upgrade.sh
    polkit/libwbclient-4.11.2-19.el8_2.x86_64.rpm
    polkit/libsmbclient-4.11.2-19.el8_2.x86_64.rpm
    polkit/samba-client-libs-4.11.2-19.el8_2.x86_64.rpm
    polkit/polkit-libs-0.115-11.el8_2.2.x86_64.rpm
    polkit/samba-common-4.11.2-19.el8_2.noarch.rpm
    polkit/samba-common-libs-4.11.2-19.el8_2.x86_64.rpm
  4. Run 
    cd polkit/
  5. Run 
    ./polkit_samba_package_upgrade.sh
  6. Check that the script completes successfully with no errors and that the return code is 0 by running echo $?. You can see the updated RPMs at the end of the script.