{"affected":[{"ecosystem_specific":{"binaries":[{"ctdb":"4.22.5+git.431.dc5a539f124-160000.1.1","ctdb-pcp-pmda":"4.22.5+git.431.dc5a539f124-160000.1.1","ldb-tools":"4.22.5+git.431.dc5a539f124-160000.1.1","libldb-devel":"4.22.5+git.431.dc5a539f124-160000.1.1","libldb2":"4.22.5+git.431.dc5a539f124-160000.1.1","python3-ldb":"4.22.5+git.431.dc5a539f124-160000.1.1","samba":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-ad-dc":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-ad-dc-libs":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-ceph":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-client":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-client-libs":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-dcerpc":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-devel":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-doc":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-dsdb-modules":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-gpupdate":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-ldb-ldap":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-libs":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-libs-python3":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-python3":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-test":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-tool":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-winbind":"4.22.5+git.431.dc5a539f124-160000.1.1","samba-winbind-libs":"4.22.5+git.431.dc5a539f124-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"samba","purl":"pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.22.5+git.431.dc5a539f124-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for samba fixes the following issues:\n\nUpdate to 4.22.5:\n\n  * CVE-2025-10230: Command injection via WINS server hook script (bsc#1251280).\n  * CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).\n\n- Relax samba-gpupdate requirement for cepces, certmonger, and 
sscep\n  to a recommends. They are only required if utilizing certificate\n  auto enrollment (bsc#1249087).\n\n- Disable timeouts for smb.service so that possibly slow running\n  ExecStartPre script 'update-samba-security-profile' doesn't\n  cause service start to fail due to timeouts (bsc#1249181).\n\n- Ensure semanage is pulled in as a requirement when samba is\n  installed when selinux security access mechanism is used\n  (bsc#1249180).\n\n- don't attempt to label paths that don't exist, also remove\n  unnecessary evaluation of semanage & restorecon cmds (bsc#1249179).\n\nUpdate to 4.22.4:\n\n  * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with\n    SysvolReady=0\n  * getpwuid does not shift to new DC when current DC is down\n  * Windows security hardening locks out schannel'ed netlogon dc\n    calls like netr_DsRGetDCName-\n  * Unresponsive second DC can cause idmapping failure when using\n    idmap_ad-\n  * kinit command is failing with Missing cache Error.\n  * Figuring out the DC name from IP address fails and breaks\n    fork_domain_child().\n  * vfs_streams_depot fstatat broken.\n  * Delayed leader broadcast can block ctdb forever.\n  * Apparently there is a conflict between shadow_copy2 module\n    and virusfilter (action quarantine).\n  * Fix handling of empty GPO link.\n  * SMB ACL inheritance doesn't work for files created.\n\n- adjust gpgme build dependency for 
future-proofing\n\n","id":"openSUSE-SU-2025-20048-1","modified":"2025-11-18T23:14:26Z","published":"2025-11-18T23:14:26Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1249087"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249179"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249180"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249181"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251279"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251280"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-10230"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9640"}],"related":["CVE-2025-10230","CVE-2025-9640"],"summary":"Security update for samba","upstream":["CVE-2025-10230","CVE-2025-9640"]}