This bug was fixed in the package samba - 2:4.23.4+dfsg-1ubuntu1
---------------
samba (2:4.23.4+dfsg-1ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2126006). Remaining changes:
- Ubuntu i386 binary compatibility:
+ d/control: enable the liburing vfs module, except on i386 where
liburing is not available
+ python3-samba depends on python3-cryptography, which Ubuntu doesn't
build on i386 (LP #2099895):
- d/control: don't recommend python3-samba on i386
- d/rules: don't build python3-samba on ubuntu i386
- d/t/control, d/t/util, d/t/samba-ad-dc-provisioning-internal-dns:
samba AD DC provisioning and domain join tests with internal DNS
(LP #1977746, LP #2011745)
- d/control: make samba-vfs-modules-extra a transitional package.
The glusterfs vfs module (the only vfs module shipped in it
previously) is now in bin:samba-vfs-glusterfs. Can be dropped
after 26.04.
- d/control: have the (now transitional) samba-vfs-modules package
depend on samba-vfs-ceph, so that upgrades retain the ceph vfs
module
- d/control: samba-vfs-modules and samba-vfs-modules-extra, now
transitional packages, should only depend on the new samba-vfs-ceph and
samba-vfs-glusterfs packages on the architectures where those two
packages are built (LP #2076682)
- d/control: samba-vfs-modules i386 adjustments:
+ samba-vfs-modules-extra was not built before for 32bit architectures,
adjust Architectures line
+ samba-vfs-modules: this one was built for 32bit architectures before,
so we need the conditional Depends for ceph
- d/p/fix-motd-gpo-list-empty.patch: fix crash when listing an empty MOTD
GPO
- d/t/samba-ad-dc-provisioning-internal-dns: add MOTD GPO test
- d/t/{control,smbclient-macro-expansion}: add test for macro expansion
(related to LP #2120811)
* Dropped:
- SECURITY UPDATE: uninitialized memory disclosure via vfs_streams_xattr
+ debian/patches/CVE-2025-9640-1.patch: add torture test for inserting
hole in stream in source3/selftest/tests.py, source4/torture/*.
+ debian/patches/CVE-2025-9640-2.patch: fix uninitialized write in
source3/modules/vfs_streams_xattr.c.
+ CVE-2025-9640
[Fixed upstream in 4.23.2]
- SECURITY UPDATE: command injection via WINS server hook script
+ debian/patches/CVE-2025-10230-1.patch: check that wins hook sanitizes
names in python/samba/tests/usage.py, selftest/*, source4/torture/*,
testprogs/blackbox/wins_hook_test.
+ debian/patches/CVE-2025-10230-2.patch: restrict names fed to shell in
source4/nbt_server/wins/wins_hook.c.
+ CVE-2025-10230
[Fixed upstream in 4.23.2]
- d/control: adjust breaks/replaces for file move that Debian did in
4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
file conflict in a dist-upgrade from earlier Ubuntu releases, like
Kinetic (LP #2024663)
[Only needed for upgrades from jammy to noble]
- d/control: don't have bin:samba recommend bin:samba-ad-dc (LP #2101838)
[In 2:4.23.0+dfsg-1]
* Added:
- d/control, d/samba-libs.install: remove the pkg.samba.builtin-ngtcp2
build profile and the build dependency on libngtcp2 because it's in
universe, and switch to the builtin version shipped with samba.
- d/t/control: certain tests don't work on i386 in Ubuntu
samba (2:4.23.4+dfsg-1) unstable; urgency=medium
* new upstream stable/bugfix release:
- https://bugzilla.samba.org/show_bug.cgi?id=15809:
samba-bgqd: rework man page
- https://bugzilla.samba.org/show_bug.cgi?id=15897:
Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/')
in vfswrap_openat
- https://bugzilla.samba.org/show_bug.cgi?id=15926:
Samba 4.22 breaks Time Machine
- https://bugzilla.samba.org/show_bug.cgi?id=15936:
samba-bgqd can't find [printers] share
- https://bugzilla.samba.org/show_bug.cgi?id=15947:
mdssvc doesn't support $time.iso dates before 1970
- https://bugzilla.samba.org/show_bug.cgi?id=15950:
ctdb can crash with inconsistent cluster lock configuration
- https://bugzilla.samba.org/show_bug.cgi?id=15955:
Winbind can hang forever in gssapi if there are network issues
- https://bugzilla.samba.org/show_bug.cgi?id=15961:
libldb requires linking libreplace on Linux
- https://bugzilla.samba.org/show_bug.cgi?id=15963:
* d/patches: remove revert-ldb-use-hexchars_upper-from-replace.h.patch
(applied upstream)
samba (2:4.23.3+dfsg-1) unstable; urgency=medium
* new upstream stable/bugfix release:
- https://bugzilla.samba.org/show_bug.cgi?id=15926:
Samba 4.22 breaks Time Machine
- https://bugzilla.samba.org/show_bug.cgi?id=15927:
Spotlight search restriction for shares incomplete and
default search searches in too many attributes
- https://bugzilla.samba.org/show_bug.cgi?id=15930:
Searching for numbers doesn't work with Spotlight
- https://bugzilla.samba.org/show_bug.cgi?id=15931:
rpcd_mdssvc may crash because name mangling is not initialized
- https://bugzilla.samba.org/show_bug.cgi?id=15933:
Only increment lease epoch if a lease was granted
- https://bugzilla.samba.org/show_bug.cgi?id=15935:
Crash in ctdbd on failed updateip
- https://bugzilla.samba.org/show_bug.cgi?id=15940:
vfs_recycle does not update mtime
- https://bugzilla.samba.org/show_bug.cgi?id=15943:
samba-log-parser fails with UnicodeDecodeError:
'utf-8' codec can't decode byte
samba (2:4.23.2+dfsg-1) unstable; urgency=medium
* new upstream security release:
* CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr
https://www.samba.org/samba/security/CVE-2025-9640.html
* CVE-2025-10230: Command injection via WINS server hook script
https://www.samba.org/samba/security/CVE-2025-10230.html
samba (2:4.23.1+dfsg-1) unstable; urgency=medium
[ Michael Tokarev ]
* new upstream stable/bugfix release (Closes: #1116050):
- https://bugzilla.samba.org/show_bug.cgi?id=15904:
CTDB does not support PCP 7.0.0
- https://bugzilla.samba.org/show_bug.cgi?id=15914:
winbind can crash at startup
- https://bugzilla.samba.org/show_bug.cgi?id=15919:
vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev
for fsync_send
- https://bugzilla.samba.org/show_bug.cgi?id=15920:
Incomplete bind configuration causes DLZ plugin to crash
- https://bugzilla.samba.org/show_bug.cgi?id=15921:
CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set
* d/control: describe the forgotten mitkrb5 build profile
* d/control: Standards-Version: 4.7.2 (no changes)
* d/control: sort python build-deps together
* d/control: clarify some :native usages and add non-:native
alternatives for gcc-mingw*
* d/control: clarify python3-dev:native, libpython3-dev:host
* usershare.patch: remove
* d/samba.postinst: add `usershare max shares` parameter on upgrade
* debian/samba{,-libs}.lintian-overrides: remove unused
hardening-no-fortify-functions overrides
[ Grzegorz Szymaszek ]
* d/smb.conf: delete trailing spaces in comments
samba (2:4.23.0+dfsg-3) unstable; urgency=medium
* libmscat-deps.patch (Closes: #1103869)
* disable building undocumented dumpmscat binary, but provide
pkg.samba.dumpmscat build profile to enable building it
* enable system libngtcp2 (for !pkg.samba.builtin-ngtcp2 build profile)
* d/control: describe all current build profiles
* d/smb.conf: disable netbios by default
* d/samba.postinst: remove hunk for samba << 4.16.0 (pre-bookworm)
concerning socket directory
* d/samba.postinst: remove hunk for samba << 4.17.4-3 (pre-bookworm)
concerning handling of samba spool dir
* d/samba.postinst: remove hunk for samba << 4.17.4-3 (pre-bookworm)
concerning masking of services
* d/winbind.postinst: remove hunk for samba << 4.17.4-3 (pre-bookworm)
concerning masking of services
* d/samba-common.postinst: actually clean-up old debconf entries
* d/changelog: fix typo in previous entry
samba (2:4.23.0+dfsg-2) unstable; urgency=medium
* d/rules: override dh_gencontrol for arch build only
(no need to do that for indep build)
* d/samba-libs.install: libquic is linux-specific
* d/samba-libs.install: ngtcp2 is linux-specific, not non-hurd
* d/control: build-depend on :native variant of mingw gcc/tools
(helps building for bookworm where these tools aren't M-A:foreign)
samba (2:4.23.0+dfsg-1) unstable; urgency=medium
* new upstream release
* d/watch: 4.23
* d/gbp.conf: switch to 4.23 upstream branch
* d/rules: tevent=0.17.1 tdb=1.4.14
* libads-fix-get_kdc_ip_string.patch: remove (included upstream)
* d/copyright: remove entries for two removed files
* d/libpam-winbind.install: install message catalogs
* d/samba-common-bin.install: install message catalog(s) for the net command
* d/libsmbclient0.symbols,d/libtevent0t64.symbols: add new symbols
* d/libtdb1.symbols: add new version
* d/samba-dsdb-modules.install: add new AD module (trust_notify.so)
* d/samba-libs.install: refresh private libraries list (-1, +4 libs)
* d/samba-libs.preinst: remove, used in distant past
for upgrades from ancient versions
* d/control: stop recommending samba-ad-dc (and python3-samba)
from samba package (was needed for transition)
* d/control: stop recommending attr by samba
* d/control: remove pre-bookworm (samba<<4.17) breaks/replaces
* d/control: stop samba from being dependent on procps
(ps was used in initscript long ago)
* d/control: stop ctdb from being dependent on psmisc and sudo
* stop ctdb from depending on time package
* d/libnss-winbind.triggers: remove, ldconfig call is generated by genshlibs
* d/rules: explicitly specify --pythondir= & --pythonarchdir=
(so it doesn't install to /usr/lib/python3.13/site-packages/)
* d/rules,d/lib{nss,pam}-winbind.install: use ${SYSLIBDIR}
for /lib vs /usr/lib, stop using dh_movetousr
-- Andreas Hasenack <[email protected]> Fri, 09 Jan 2026 16:59:09 -0300
** Changed in: samba (Ubuntu)
Status: Fix Committed => Fix Released
** Bug watch added: Samba Bugzilla #15809
https://bugzilla.samba.org/show_bug.cgi?id=15809
** Bug watch added: Samba Bugzilla #15897
https://bugzilla.samba.org/show_bug.cgi?id=15897
** Bug watch added: Samba Bugzilla #15926
https://bugzilla.samba.org/show_bug.cgi?id=15926
** Bug watch added: Samba Bugzilla #15936
https://bugzilla.samba.org/show_bug.cgi?id=15936
** Bug watch added: Samba Bugzilla #15947
https://bugzilla.samba.org/show_bug.cgi?id=15947
** Bug watch added: Samba Bugzilla #15950
https://bugzilla.samba.org/show_bug.cgi?id=15950
** Bug watch added: Samba Bugzilla #15955
https://bugzilla.samba.org/show_bug.cgi?id=15955
** Bug watch added: Samba Bugzilla #15961
https://bugzilla.samba.org/show_bug.cgi?id=15961
** Bug watch added: Samba Bugzilla #15963
https://bugzilla.samba.org/show_bug.cgi?id=15963
** Bug watch added: Samba Bugzilla #15927
https://bugzilla.samba.org/show_bug.cgi?id=15927
** Bug watch added: Samba Bugzilla #15930
https://bugzilla.samba.org/show_bug.cgi?id=15930
** Bug watch added: Samba Bugzilla #15931
https://bugzilla.samba.org/show_bug.cgi?id=15931
** Bug watch added: Samba Bugzilla #15933
https://bugzilla.samba.org/show_bug.cgi?id=15933
** Bug watch added: Samba Bugzilla #15935
https://bugzilla.samba.org/show_bug.cgi?id=15935
** Bug watch added: Samba Bugzilla #15940
https://bugzilla.samba.org/show_bug.cgi?id=15940
** Bug watch added: Samba Bugzilla #15943
https://bugzilla.samba.org/show_bug.cgi?id=15943
** Bug watch added: Samba Bugzilla #15904
https://bugzilla.samba.org/show_bug.cgi?id=15904
** Bug watch added: Samba Bugzilla #15914
https://bugzilla.samba.org/show_bug.cgi?id=15914
** Bug watch added: Samba Bugzilla #15919
https://bugzilla.samba.org/show_bug.cgi?id=15919
** Bug watch added: Samba Bugzilla #15920
https://bugzilla.samba.org/show_bug.cgi?id=15920
** Bug watch added: Samba Bugzilla #15921
https://bugzilla.samba.org/show_bug.cgi?id=15921
** CVE added: https://cve.org/CVERecord?id=CVE-2025-10230
** CVE added: https://cve.org/CVERecord?id=CVE-2025-9640
https://bugs.launchpad.net/bugs/2126006
Title:
Merge samba from Debian Unstable for r-series