ALT-PU-2025-10509-3

Package update samba in branch p11

Version: 4.21.7-alt4
Published: 2026-06-10
Max severity: CRITICAL

Closed issues (6)

BDU:2025-09920
MEDIUM 5.5

Vulnerability in the Samba network interoperability software suite related to flaws in the authentication procedure, allowing an attacker to gain access to confidential data

Published: 2025-08-17, Modified: 2026-03-03
CVSS 3.x: MEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0: MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N
BDU:2026-07316
CRITICAL 10.0

Vulnerability in the "check password script" function of the DCE/RPC SAMR server module of the Samba network interoperability software suite, allowing an attacker to execute arbitrary code

Published: 2026-05-26
CVSS 3.x: CRITICAL 10.0
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0: CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-07422
HIGH 8.0

Vulnerability in the Group Policy (GPO) management component of the Samba software, allowing an attacker to bypass existing security restrictions

Published: 2026-05-27, Modified: 2026-05-28
CVSS 3.x: HIGH 8.0
CVSS:3.x/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CVSS 2.0: MEDIUM 6.2
CVSS:2.0/AV:A/AC:H/Au:N/C:C/I:C/A:N
CVE-2025-0620
MEDIUM 4.9

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

Published: 2025-06-06, Modified: 2026-06-29
CVSS 3.x: MEDIUM 4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2026-3012
MEDIUM 6.8

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

Published: 2026-05-27, Modified: 2026-06-30
CVSS 3.x: MEDIUM 6.8
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2026-4408
CRITICAL 9.8

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.

Published: 2026-05-28, Modified: 2026-06-30
CVSS 3.x: CRITICAL 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Closed bugs (2)

Running net ads keytab create does not create a keytab file on the domain controller

samba+dolphin: A password is now requested to open a share, even when logged in as a domain user