Fedora alert FEDORA-2026-7567819345 (samba)

From:
             
 
updates--- via package-announce <package-announce@lists.fedoraproject.org>
To:
             
 
package-announce@lists.fedoraproject.org
Subject:
             
 
[SECURITY] Fedora 44 Update: samba-4.24.3-1.fc44
Date:
             
 
Tue, 02 Jun 2026 00:55:05 +0000
Message-ID:
             
 
<20260602005505.A4C2979686@bastion01.rdu3.fedoraproject.org>
Archive-link:
             
 
Article
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7567819345
2026-06-02 00:53:32.834931+00:00
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 44
Version     : 4.24.3
Release     : 1.fc44
URL         : https://www.samba.org
Summary     : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.

--------------------------------------------------------------------------------
Update Information:

Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340,
CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Günther Deschner <gd@samba.org> - 2:4.24.3-1
- Update to Samba 4.24.3
- resolves: rhbz#2481468
- resolves: rhbz#2481447 - Security fix for CVE-2026-4480
- resolves: rhbz#2481875 - Security fix for CVE-2026-2340
- resolves: rhbz#2481857 - Security fix for CVE-2026-3012
- resolves: rhbz#2481876 - Security fix for CVE-2026-1933
- Security fix for CVE-2026-4408
- Security fix for CVE-2026-3238
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2481447 - CVE-2026-4480 samba: Samba: Remote Code Execution in printing subsystem via
unescaped job description [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2481447
  [ 2 ] Bug #2481468 - samba-4.24.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2481468
  [ 3 ] Bug #2481857 - CVE-2026-3012 samba: group policy certificate enrollment uses http://
without validation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2481857
  [ 4 ] Bug #2481875 - CVE-2026-2340 samba: vfs_worm does not block directory modification
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2481875
  [ 5 ] Bug #2481876 - CVE-2026-1933 samba: Missing access check on reparse point operations
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2481876
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7567819345' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



Attachment: None (type=text/plain)
-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new