[ubuntu/jammy-security] samba 2:4.15.13+dfsg-0ubuntu1.10 (Accepted)

Eduardo Barretto eduardo.barretto at canonical.com
Thu Oct 16 07:15:20 UTC 2025 

samba (2:4.15.13+dfsg-0ubuntu1.10) jammy-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory disclosure via vfs_streams_xattr
    - debian/patches/CVE-2025-9640-1.patch: add torture test for inserting
      hole in stream in source3/selftest/tests.py, source4/torture/*.
    - debian/patches/CVE-2025-9640-2.patch: fix unitialized write in
      source3/modules/vfs_streams_xattr.c.
    - CVE-2025-9640
  * SECURITY UPDATE: command injection via WINS server hook script
    - debian/patches/CVE-2025-10230-1.patch: check that wins hook sanitizes
      names in python/samba/tests/usage.py, selftest/*, source4/torture/*,
      testprogs/blackbox/wins_hook_test.
    - debian/patches/CVE-2025-10230-2.patch: restrict names fed to shell in
      source4/nbt_server/wins/wins_hook.c.
    - CVE-2025-10230

samba (2:4.15.13+dfsg-0ubuntu1.9) jammy; urgency=medium

  * Fix %m macro expansion (LP: #2123902):
    - d/p/s3-libsmb-dsgetdcname-do-not-assume-local-system-uses-ipv4.patch:
      return the first IPv4 and the first IPv6 address found for each DC. This
      patch was missing from the backported set of the previous upload
    - d/t/smbclient-macro-expansion: add test to check %m macro expansion

samba (2:4.15.13+dfsg-0ubuntu1.8) jammy; urgency=medium

  * Fix config file macro expansion (LP: #2120811):
    - no change rebuild actually fixed it in all tests (ppa and local)
    - d/t/{control,smbclient-macro-expansion}: new DEP8 test for the issue

samba (2:4.15.13+dfsg-0ubuntu1.7) jammy; urgency=medium

  * Upcoming changes to Windows Server enforce security checks even on
    schannel secured NETLOGON connections causing winbind's netlogon dc
    discovery calls to fail. (LP: #2116098):
    - d/p/s3-winbindd-use-better-debug-messages-than-talloc_st.patch: use
      better debug messages than 'talloc_strdup failed'
    - d/p/s3-winbindd-avoid-using-any-netlogon-call-to-get-a-d.patch: avoid
      using any netlogon call to get a dc name
    - d/p/s3-winbindd-Fix-internal-winbind-dsgetdcname-calls-w.patch: Fix
      internal winbind dsgetdcname calls w.r.t. domain name
    - d/p/s3-libsmb-let-discover_dc_netbios-return-DOMAIN_CONT.patch: let
      discover_dc_netbios() return DOMAIN_CONTROLLER_NOT_FOUND
    - d/p/s3-libsmb-allow-store_cldap_reply-to-work-with-a-ipv.patch: allow
      store_cldap_reply() to work with a ipv6 response
    - d/p/s3-libsmb-dsgetdcname-use-NETLOGON_NT_VERSION_AVOID_.patch: use
      NETLOGON_NT_VERSION_AVOID_NT4EMUL

samba (2:4.15.13+dfsg-0ubuntu1.6) jammy; urgency=medium

  * d/p/lp2046994-spotlight-doesnt-work-with-latest-macos-ventura.patch: fix
    spotlight search function on macos ventura (LP: #2046994).

Date: 2025-10-09 20:31:47.122948+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu1.10
-------------- next part --------------
Sorry, changesfile not available.

More information about the jammy-changes mailing list