From: Raspbian automatic forward porter Date: Sun, 31 May 2026 02:13:48 +0000 (+0100) Subject: Merge version 2:4.24.1+dfsg-1+rpi1 and 2:4.24.3+dfsg-1 to produce 2:4.24.3+dfsg-1... X-Git-Tag: archive/raspbian/2%4.24.3+dfsg-1+rpi1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=47fecc91f50c630bd549793ded74764dbe5f2c8b;p=samba.git Merge version 2:4.24.1+dfsg-1+rpi1 and 2:4.24.3+dfsg-1 to produce 2:4.24.3+dfsg-1+rpi1 --- 47fecc91f50c630bd549793ded74764dbe5f2c8b diff --cc debian/changelog index 0c57f561,c5673d06..49309929 --- a/debian/changelog +++ b/debian/changelog @@@ -1,9 -1,66 +1,73 @@@ - samba (2:4.24.1+dfsg-1+rpi1) forky-staging; urgency=medium ++samba (2:4.24.3+dfsg-1+rpi1) forky-staging; urgency=medium + + [changes brought forward from 2:4.19.1+dfsg-4+rpi1 by Peter Michael Green at Thu, 12 Oct 2023 15:37:21 +0000] + * Link with libatomic on armhf too. + - -- Raspbian forward porter Tue, 21 Apr 2026 16:26:26 +0000 ++ -- Raspbian forward porter Sun, 31 May 2026 02:13:47 +0000 ++ + samba (2:4.24.3+dfsg-1) unstable; urgency=medium + + * This is a security release in order to address the following defects: + + CVE-2026-1933: Missing access checks on reparse point operations + + On a share marked "read only = yes" and on file handles opened R/O users + can set or delete the reparse point xattrs on files that the user has + write-access in the file system for. + + https://www.samba.org/samba/security/CVE-2026-1933.html + + CVE-2026-2340: WORM vfs module does not block overwrites + + The WORM (Write-Once, Read Many) vfs module is supposed to lock write + access to shared files, so they cannot be altered after initial writes. + It was allowing files to be overwritten by renaming a newly created file + over a protected file. 
+ + https://www.samba.org/samba/security/CVE-2026-2340.html + + CVE-2026-3012: auto-enrolment GPO installing CA certificate over http + without verification + + To bootstrap a certificate chain a domain member must fetch a certificate + without TLS. It was trusting HTTP for this when a more secure encrypted + LDAP channel was also available. + + https://www.samba.org/samba/security/CVE-2026-3012.html + + CVE-2026-3238: Denial of service against AD DC WINS server + + The WINS server component of the Active Directory Domain controller code + in Samba is vulnerable to a NULL pointer dereference and crash caused by + an unauthenticated UDP packet. + + https://www.samba.org/samba/security/CVE-2026-3238.html + + CVE-2026-4408: Unauthenticated Remote Code Execution in Samba DCE/RPC + SAMR server + + Samba file servers and classic (non-AD) domain controllers with + samba-dcerpcd started as a system service and with a "check password + script" that has the %u substitution character are vulnerable to a + remote code execution. + + https://www.samba.org/samba/security/CVE-2026-4408.html + + CVE-2026-4480: Unauthenticated Remote Code Execution in Samba + printing subsystem + + Samba print servers with a "print command" that has the %J substitution + character are vulnerable to a Remote Code Execution. + + https://www.samba.org/samba/security/CVE-2026-4480.html + + -- Michael Tokarev Tue, 26 May 2026 15:46:55 +0300 + + samba (2:4.24.2+dfsg-1) unstable; urgency=medium + + * new upstream point release + + -- Michael Tokarev Tue, 12 May 2026 21:10:42 +0300 samba (2:4.24.1+dfsg-1) unstable; urgency=medium
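Review bot: the merge diff shows only debian/changelog, but the carried-forward rpi1 entry ("* Link with libatomic on armhf too.") describes a build-system change that does not appear here; since `diff --cc` output omits files that merged without conflict, please confirm that the libatomic linkage brought forward from 2:4.19.1+dfsg-4+rpi1 is still present in the merged tree (for example by diffing the packaging files against 2:4.24.3+dfsg-1) before 2:4.24.3+dfsg-1+rpi1 is built. This matters more than usual for this merge: the 2:4.24.3+dfsg-1 entry is a security release covering six CVEs, including two unauthenticated remote code executions (CVE-2026-4408 in the DCE/RPC SAMR server and CVE-2026-4480 in the printing subsystem), so an armhf build that silently lost the libatomic flag would delay shipping those fixes on Raspbian.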