|
|
Subscribe / Log in / New account

Ubuntu alert USN-7826-1 (samba)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7826-1] Samba vulnerabilities


Date:
              Thu, 16 Oct 2025 10:14:18 +0000


Message-ID:
              <E1v9Kzy-00057d-1x@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7826-1
October 16, 2025

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Andrew Walker discovered that Samba incorrectly initialized memory in the
vfs_streams_xattr module. An authenticated attacker could possibly use this
issue to obtain sensitive information. (CVE-2025-9640)

Igor Morgenstern discovered that Samba incorrectly handled names passed to
the WINS hook program. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2025-10230)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  samba                           2:4.22.3+dfsg-4ubuntu2.1

Ubuntu 25.04
  samba                           2:4.21.4+dfsg-1ubuntu3.5

Ubuntu 24.04 LTS
  samba                           2:4.19.5+dfsg-4ubuntu9.4

Ubuntu 22.04 LTS
  samba                           2:4.15.13+dfsg-0ubuntu1.10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7826-1
  CVE-2025-10230, CVE-2025-9640

Package Information:
  https://launchpad.net/ubuntu/+source/samba/2:4.22.3+dfsg-...
  https://launchpad.net/ubuntu/+source/samba/2:4.21.4+dfsg-...
  https://launchpad.net/ubuntu/+source/samba/2:4.19.5+dfsg-...
  https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjwxM0ACgkQcpJm3tlz
hgE3HQ/+OoKmKgZUT7aqEeQIAasaf4vHkDH2TWaTir1jiok77l0SbAtebOq7FL2K
FXOygeQ6Cp/47BciWTSLwSZR5tk2nq4FojCvJmvkiOAPoJ1Xh9hyv6vC/M8cBOhb
zZE5X0BDgeh4J1yHCDPx8rlSKza/69m200oK/P3EFwMq+YjiRU/Iayp0hZ3MvWqy
7XcQdvD2+I5Mvkr4cE6ioxZ57dOuzJAtYoAqeZ3tOXAUoXl+00pnFDeOzICxhdsi
4bGVEjm/57RDjJINb9P40pRam+6W8WV9IfiqdJ4Rk7yrAz+PENO0MTXaI3ohFlt/
vrjaRbnObAdcOCDUEWbOmDWIn41glg+lPQrVjTUCy9/q95Qrqb1OtW/MSXPqQO3b
3j7hJnuu/GDtyp15ohYrscZX4mRLi1u2Tsa7s/RXZSc1AnuJf8D7bDNK2wZIRWZZ
QUSbdQemkyPJ8NKPfYWvcjCWzWETyV3ZXRACPPWMZH85nGsyKardLdimlbH1tQGB
SLJ2XvPydISC+/Fp39SIpXkrFBX8c+yOd2NeBQc7U3ufAHJ7xAU/H8JxkCIXzJii
VvcCxZlkq0//wBNlxSzG1TtHt7YGd0iYhX0fMwpkgrNjxLadDMkI4Yq4H+Dj2jNp
h3Q1AlnLTLkGe0tp15aA+q68zrPSeyxThy2toTQBs7y4tpkscck=
=aDbr
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds