Ubuntu alert USN-7826-2 (samba)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7826-2] Samba vulnerabilities | |
| Date: | Mon, 20 Oct 2025 07:58:24 +0000 | |
| Message-ID: | <E1vAkme-0001Wb-MM@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7826-2 October 20, 2025 samba vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Samba. Software Description: - samba: SMB/CIFS file, print, and login server for Unix Details: USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Andrew Walker discovered that Samba incorrectly initialized memory in the vfs_streams_xattr module. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2025-9640) Igor Morgenstern discovered that Samba incorrectly handled names passed to the WINS hook program. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-10230) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS samba 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS samba 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm4 Available with Ubuntu Pro Ubuntu 14.04 LTS samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm15 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7826-2 https://ubuntu.com/security/notices/USN-7826-1 CVE-2025-10230, CVE-2025-9640
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmj160IACgkQcpJm3tlz hgHEBA/9HaDrwa4bnODvZI/XrFnAHkGQH5b2jHLK+Anhr7RcR+RiajELLviH09sL /03M6MZA7ixhA6qiCnB/hh0mfYWTwghMi1VTqWyVLA5L+IHmvFApTXsMoLsXO4k6 Zv72WZHAGpp7copynxVL7K27Xbl9YE+G19guLRB44+F1PJK2JxuEI3ruB29sEc9v 6INHWZhlxKyChLHYqSkqthtOhqHSrvS2TGztzmUqnaanv5dT12nvbfGesf5kUwXJ 1b/hnZVuFDh4nMYznOAhNUJJpYae/BeYUaA160N830krbjuNXAbSbJMlsbWBAh6y 1J9MnavpeguT+CaprjaSYJxgBBkS+CEeuxpb5d9nHPdxelOK+0PTTx7a6+m6yBpU O1qR9qIMXKFCyjvopSQH9ERTi+KqoZewC5G0VpZwo+/BgcYscez3s0pBa2VArS// wU4dgon1cG7Q5aPC49DLoq14S6CJaeWSfWxeNWumiJaV0D9g0do/Lqc+pgMwSWZf AJPqHF+NUFAVV37MMuPmqaFiqaKX+RwS1D0fS8EOUbQywstX32Tlf92k7Y7aSiiL HooZwKT1u82maRiAcDzdBO+BY1S4jlgFXgdyvNLnvlG0vP8CrG5cSaUJXvL9Mde2 pbPiRK2hfZ+j71e1vJ+mrjL9mUhOTX1Y2MYTrXf5mkau5Ep+Oyk= =3Xva -----END PGP SIGNATURE-----