SUSE-SU-2025:03604-1

Опубликовано: 15 окт. 2025

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280).

Список пакетов

SUSE Linux Enterprise High Availability Extension 12 SP5

ctdb-4.15.13+git.664.e8416d8d213-3.99.1

SUSE Linux Enterprise Server 12 SP5-LTSS

libsamba-policy-devel-4.15.13+git.664.e8416d8d213-3.99.1

libsamba-policy-python3-devel-4.15.13+git.664.e8416d8d213-3.99.1

libsamba-policy0-python3-4.15.13+git.664.e8416d8d213-3.99.1

libsamba-policy0-python3-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-4.15.13+git.664.e8416d8d213-3.99.1

samba-client-4.15.13+git.664.e8416d8d213-3.99.1

samba-client-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-client-libs-4.15.13+git.664.e8416d8d213-3.99.1

samba-client-libs-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-devel-4.15.13+git.664.e8416d8d213-3.99.1

samba-devel-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-doc-4.15.13+git.664.e8416d8d213-3.99.1

samba-ldb-ldap-4.15.13+git.664.e8416d8d213-3.99.1

samba-libs-4.15.13+git.664.e8416d8d213-3.99.1

samba-libs-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-libs-python3-4.15.13+git.664.e8416d8d213-3.99.1

samba-libs-python3-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-python3-4.15.13+git.664.e8416d8d213-3.99.1

samba-tool-4.15.13+git.664.e8416d8d213-3.99.1

samba-winbind-4.15.13+git.664.e8416d8d213-3.99.1

samba-winbind-libs-4.15.13+git.664.e8416d8d213-3.99.1

samba-winbind-libs-32bit-4.15.13+git.664.e8416d8d213-3.99.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

libsamba-policy-devel-4.15.13+git.664.e8416d8d213-3.99.1

libsamba-policy-python3-devel-4.15.13+git.664.e8416d8d213-3.99.1

libsamba-policy0-python3-4.15.13+git.664.e8416d8d213-3.99.1

libsamba-policy0-python3-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-4.15.13+git.664.e8416d8d213-3.99.1

samba-client-4.15.13+git.664.e8416d8d213-3.99.1

samba-client-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-client-libs-4.15.13+git.664.e8416d8d213-3.99.1

samba-client-libs-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-devel-4.15.13+git.664.e8416d8d213-3.99.1

samba-devel-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-doc-4.15.13+git.664.e8416d8d213-3.99.1

samba-ldb-ldap-4.15.13+git.664.e8416d8d213-3.99.1

samba-libs-4.15.13+git.664.e8416d8d213-3.99.1

samba-libs-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-libs-python3-4.15.13+git.664.e8416d8d213-3.99.1

samba-libs-python3-32bit-4.15.13+git.664.e8416d8d213-3.99.1

samba-python3-4.15.13+git.664.e8416d8d213-3.99.1

samba-tool-4.15.13+git.664.e8416d8d213-3.99.1

samba-winbind-4.15.13+git.664.e8416d8d213-3.99.1

samba-winbind-libs-4.15.13+git.664.e8416d8d213-3.99.1

samba-winbind-libs-32bit-4.15.13+git.664.e8416d8d213-3.99.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202503604-1/
Link for SUSE-SU-2025:03604-1
https://lists.suse.com/pipermail/sle-updates/2025-October/042172.html
E-Mail link for SUSE-SU-2025:03604-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1251279
SUSE Bug 1251279
https://bugzilla.suse.com/1251280
SUSE Bug 1251280
https://www.suse.com/security/cve/CVE-2025-10230/
SUSE CVE CVE-2025-10230 page
https://www.suse.com/security/cve/CVE-2025-9640/
SUSE CVE CVE-2025-9640 page

Описание

unknown

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 12 SP5:ctdb-4.15.13+git.664.e8416d8d213-3.99.1

SUSE Linux Enterprise Server 12 SP5-LTSS:libsamba-policy-devel-4.15.13+git.664.e8416d8d213-3.99.1

SUSE Linux Enterprise Server 12 SP5-LTSS:libsamba-policy-python3-devel-4.15.13+git.664.e8416d8d213-3.99.1

SUSE Linux Enterprise Server 12 SP5-LTSS:libsamba-policy0-python3-32bit-4.15.13+git.664.e8416d8d213-3.99.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-10230.html
CVE-2025-10230
https://bugzilla.suse.com/1251280
SUSE Bug 1251280

Описание

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 12 SP5:ctdb-4.15.13+git.664.e8416d8d213-3.99.1

SUSE Linux Enterprise Server 12 SP5-LTSS:libsamba-policy-devel-4.15.13+git.664.e8416d8d213-3.99.1

SUSE Linux Enterprise Server 12 SP5-LTSS:libsamba-policy-python3-devel-4.15.13+git.664.e8416d8d213-3.99.1

SUSE Linux Enterprise Server 12 SP5-LTSS:libsamba-policy0-python3-32bit-4.15.13+git.664.e8416d8d213-3.99.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-9640.html
CVE-2025-9640
https://bugzilla.suse.com/1251279
SUSE Bug 1251279

SUSE-SU-2025:03604-1

Описание

Список пакетов

SUSE Linux Enterprise High Availability Extension 12 SP5

SUSE Linux Enterprise Server 12 SP5-LTSS

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2025-10230

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-9640

Описание

Затронутые продукты

Ссылки