Description
Security update for samba
This update for samba fixes the following issues:
- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- CVE-2025-10230: Fixed command injection in WINS server hook script (bsc#1251280).
Update to 4.21.8:
- netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981).
- getpwuid does not shift to new DC when current DC is down; (bso#15844).
- Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bso#15876).
- kinit command is failing with Missing cache Error; (bso#15840).
- Figuring out the DC name from IP address fails and breaks fork_domain_child(); (bso#15891).
- Delayed leader broadcast can block ctdb forever; (bso#15892).
- 'net ads group' failed to list domain groups; (bso#15900).
- Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine); (bso#15663).
- Fix handling of empty GPO link; (bso#15877).
- SMB ACL inheritance doesn't work for files created; (bso#15880).
Package list
SUSE Linux Enterprise High Availability Extension 15 SP7
ctdb-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
SUSE Linux Enterprise Module for Basesystem 15 SP7
ldb-tools-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
libldb-devel-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
libldb2-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
libldb2-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
python3-ldb-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-ceph-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-client-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-client-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-client-libs-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-dcerpc-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-devel-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-gpupdate-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-ldb-ldap-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-libs-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-libs-python3-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-python3-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-tool-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-winbind-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-winbind-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
samba-winbind-libs-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
References
- Link for SUSE-SU-2025:3676-1
- E-Mail link for SUSE-SU-2025:3676-1
- SUSE Security Ratings
- SUSE Bug 1251279
- SUSE Bug 1251280
- SUSE CVE CVE-2025-10230 page
- SUSE CVE CVE-2025-9640 page
Description
unknown
Affected products
SUSE Linux Enterprise High Availability Extension 15 SP7:ctdb-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:ldb-tools-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:libldb-devel-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:libldb2-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
References
- CVE-2025-10230
- SUSE Bug 1251280
Description
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
Affected products
SUSE Linux Enterprise High Availability Extension 15 SP7:ctdb-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:ldb-tools-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:libldb-devel-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:libldb2-32bit-4.21.8+git.418.e80c9b2a88c-150700.3.11.2
References
- CVE-2025-9640
- SUSE Bug 1251279