All errata/sisyphus/ALT-PU-2026-8760-1
ALT-PU-2026-8760-1

Package update samba in branch sisyphus

Version4.22.10-alt1
Task#420263
Published2026-06-05
Max severityCRITICAL
Severity:

Closed issues (12)

BDU:2026-07316
CRITICAL10.0

Уязвимость функции check password script модуля DCE/RPC SAMR server пакета программ сетевого взаимодействия Samba, позволяющая нарушителю выполнить произвольный код

Published: 2026-05-26
CVSS 3.xCRITICAL 10.0
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2026-07317
CRITICAL10.0

Уязвимость подсистемы печати (printing subsystem) программ сетевого взаимодействия Samba, позволяющая нарушителю выполнить произвольный код

Published: 2026-05-26
CVSS 3.xCRITICAL 10.0
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2026-07419
HIGH7.1

Уязвимость механизма NTFS reparse points программного обеспечения Samba, позволяющая нарушителю изменить произвольные файлы

Published: 2026-05-27Modified: 2026-05-28
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C
References
BDU:2026-07421
HIGH7.3

Уязвимость модуля vfs_worm программного обеспечения Samba, позволяющая нарушителю изменить произвольные файлы

Published: 2026-05-27Modified: 2026-05-28
CVSS 3.xHIGH 7.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References
BDU:2026-07422
HIGH8.0

Уязвимость компонента управления групповыми политиками (GPO) программного обеспечения Samba, позволяющая нарушителю обойти существующие ограничения безопасности

Published: 2026-05-27Modified: 2026-05-28
CVSS 3.xHIGH 8.0
CVSS:3.x/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CVSS 2.0MEDIUM 6.2
CVSS:2.0/AV:A/AC:H/Au:N/C:C/I:C/A:N
References
BDU:2026-07423
HIGH7.5

Уязвимость WINS-сервера программного обеспечения Samba, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-05-27
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2026-1933
MEDIUM6.5

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.

Published: 2026-05-27Modified: 2026-06-23
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
References
CVE-2026-2340
MEDIUM6.5

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.

Published: 2026-05-27Modified: 2026-06-23
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
References
CVE-2026-3012
MEDIUM6.8

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

Published: 2026-05-27Modified: 2026-06-23
CVSS 3.xMEDIUM 6.8
CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
References
CVE-2026-3238
HIGH7.5

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.

Published: 2026-06-08Modified: 2026-06-17
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2026-4408
CRITICAL9.8

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.

Published: 2026-05-28Modified: 2026-06-23
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2026-4480
CRITICAL9.0

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.

Published: 2026-05-26Modified: 2026-06-23
CVSS 3.xCRITICAL 9.0
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References