
Ubuntu alert USN-8306-1 (samba)

From:  noreply+usn-bot@canonical.com
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-8306-1] Samba vulnerabilities
Date:  Tue, 26 May 2026 16:06:08 +0000
Message-ID:  <E1wRuIC-0005oH-Tg@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-8306-1
May 26, 2026

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access
checks on reparse point operations. An attacker could possibly use this
issue to modify reparse point extended attributes on files that should have
been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS.
(CVE-2026-1933)

Pavel Kohout discovered that Samba's vfs_worm module did not properly block
file overwrites. An attacker could possibly use this issue to overwrite
files that should have remained immutable. (CVE-2026-2340)

Arad Inbar, Nir Somech, and Ben Grinberg discovered that Samba incorrectly
handled certificate auto-enrolment group policies over HTTP without
verification. A machine-in-the-middle attacker could possibly use this
issue to install a malicious CA certificate. This issue only affected
Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-3012)

Arad Inbar, Erez Cohen, Nir Somech, and Ben Grinberg discovered that
Samba's Active Directory Domain Controller WINS server could be made to
crash under certain circumstances. A remote attacker could possibly use
this issue to cause a denial of service. (CVE-2026-3238)

Ron Ben Yizhak discovered that Samba's DCE/RPC SAMR server incorrectly
handled a non-default password check script configuration. A remote
attacker could possibly use this issue to execute arbitrary code.
(CVE-2026-4408)

Ron Ben Yizhak discovered that Samba's printing subsystem incorrectly
handled a non-default print command configuration. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2026-4480)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  samba                           2:4.23.6+dfsg-1ubuntu2.1

Ubuntu 25.10
  samba                           2:4.22.3+dfsg-4ubuntu2.4

Ubuntu 24.04 LTS
  samba                           2:4.19.5+dfsg-4ubuntu9.6

Ubuntu 22.04 LTS
  samba                           2:4.15.13+dfsg-0ubuntu1.12

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8306-1
  CVE-2026-1933, CVE-2026-2340, CVE-2026-3012, CVE-2026-3238, CVE-2026-4408,
  CVE-2026-4480

Package Information:
  https://launchpad.net/ubuntu/+source/samba/2:4.23.6+dfsg-...
  https://launchpad.net/ubuntu/+source/samba/2:4.22.3+dfsg-...
  https://launchpad.net/ubuntu/+source/samba/2:4.19.5+dfsg-...
  https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg...


Attachment: signature.asc (type=application/pgp-signature)





Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds