Implement fix for CVE-2017-7494

CHANGELOG.md

@@ -4,6 +4,12 @@ This file contains al notable changes to the bertvv.samba Ansible role.
 
 This file adheres to the guidelines of [http://keepachangelog.com/](http://keepachangelog.com/). Versioning follows [Semantic Versioning](http://semver.org/). "GH-X" refers to the X'th issue or pull request on the Github project.
 
+## 2.3.1 - 2017-05-29
+
+### Changed
+
+- Fix for remote code execution vulnerability CVE-2017-7494: <https://access.redhat.com/security/cve/cve-2017-7494>
+
 ## 2.3.0 - 2017-05-10
 
 ### Changed

README.md

@@ -17,6 +17,16 @@ The following are not considered concerns of this role, and you should configure
 
 **If you like/use this role, please consider giving it a star! Thanks!**
 
+## CVE-2017-7494
+
+A recently discovered remote code execution vulnerability may affect your Samba server installation.
+
+If SELinux is enabled on your system, it is **NOT** vulnerable.
+
+Version 2.3.1 of this role has a fix for the vulnerability. Upgrade your system if necessary.
+
+More info: <https://access.redhat.com/security/cve/cve-2017-7494>
+
 ## Requirements
 
 No specific requirements

templates/smb.conf.j2

@@ -45,6 +45,10 @@
   disable spoolss = yes
 {% endif %}
 
+  # Fix for CVE-2017-7494
+  # https://access.redhat.com/security/cve/cve-2017-7494
+  nt pipe support = no
+
 {% if samba_load_homes %}
 ## Make home directories accessible
 [homes]