UbuntuUpdates.org

Package "smbclient"

Name: smbclient

Description:

command-line SMB/CIFS clients for Unix
Latest version: 2:4.21.4+dfsg-1ubuntu3.5
Release: plucky (25.04)
Level: security
Repository: main
Head package: samba
Homepage: https://www.samba.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "smbclient"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "smbclient" in Plucky

Repository Area Version
base main 2:4.21.4+dfsg-1ubuntu3
updates main 2:4.21.4+dfsg-1ubuntu3.5

Changelog

Version: 2:4.21.4+dfsg-1ubuntu3.5 2025-10-16 10:07:21 UTC

  samba (2:4.21.4+dfsg-1ubuntu3.5) plucky-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory disclosure via vfs_streams_xattr
    - debian/patches/CVE-2025-9640-1.patch: add torture test for inserting
      hole in stream in source3/selftest/tests.py, source4/torture/*.
    - debian/patches/CVE-2025-9640-2.patch: fix unitialized write in
      source3/modules/vfs_streams_xattr.c.
    - CVE-2025-9640
  * SECURITY UPDATE: command injection via WINS server hook script
    - debian/patches/CVE-2025-10230-1.patch: check that wins hook sanitizes
      names in python/samba/tests/usage.py, selftest/*, source4/torture/*,
      testprogs/blackbox/wins_hook_test.
    - debian/patches/CVE-2025-10230-2.patch: restrict names fed to shell in
      source4/nbt_server/wins/wins_hook.c.
    - CVE-2025-10230

 -- Marc Deslauriers <email address hidden> Thu, 09 Oct 2025 09:38:44 -0400
Source diff to previous version
CVE-2025-9640 A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows
CVE-2025-10230 Command injection via WINS server hook script

Version: 2:4.21.4+dfsg-1ubuntu3.1 2025-06-11 14:08:02 UTC

  samba (2:4.21.4+dfsg-1ubuntu3.1) plucky-security; urgency=medium

  * SECURITY UPDATE: smbd doesn't pick up group membership changes when
    re-authenticating an expired SMB session
    - debian/patches/CVE-2025-0620.patch: fix logic in source3/smbd/conn.c.
    - CVE-2025-0620

 -- Marc Deslauriers <email address hidden> Wed, 04 Jun 2025 12:15:12 -0400
CVE-2025-0620 A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issu


About   -   Send Feedback to @ubuntu_updates