Panzura's official response to the patch released by Samba that addresses vulnerabilities in Samba versions prior to 4.13.17.
On Monday, January 31, 2021, a patch was released for Samba to address a severe vulnerability. This vulnerability affects all versions of Samba prior to 4.13.17, and allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.
We quickly determined that the vulnerability only exists when the affected module has the default configuration. Although Panzura CloudFS contains a vulnerable version of the affected VFS Samba module, we do not use the default configuration. Since Panzura CloudFS does not use the default configuration for this module, Panzura customers already have a mitigating control in place and are not at risk for this vulnerability. As an additional precaution, we started working on a patch. We will release this patch to further reduce any possible risk to our customers in a future release.