[ubuntu/questing-security] samba 2:4.22.3+dfsg-4ubuntu2.1 (Accepted)
Eduardo Barretto
eduardo.barretto at canonical.com
Thu Oct 16 07:15:11 UTC 2025
samba (2:4.22.3+dfsg-4ubuntu2.1) questing-security; urgency=medium
* SECURITY UPDATE: uninitialized memory disclosure via vfs_streams_xattr
- debian/patches/CVE-2025-9640-1.patch: add torture test for inserting
hole in stream in source3/selftest/tests.py, source4/torture/*.
- debian/patches/CVE-2025-9640-2.patch: fix unitialized write in
source3/modules/vfs_streams_xattr.c.
- CVE-2025-9640
* SECURITY UPDATE: command injection via WINS server hook script
- debian/patches/CVE-2025-10230-1.patch: check that wins hook sanitizes
names in python/samba/tests/usage.py, selftest/*, source4/torture/*,
testprogs/blackbox/wins_hook_test.
- debian/patches/CVE-2025-10230-2.patch: restrict names fed to shell in
source4/nbt_server/wins/wins_hook.c.
- CVE-2025-10230
Date: 2025-10-10 12:03:13.493170+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/samba/2:4.22.3+dfsg-4ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list