openSUSE: Samba Command Injection and Uninitialized Memory Disclosure 2025-20048-2

openSUSE, November 21, 2025
Critical update for samba on openSUSE Leap 16.0: fixes a command injection via the WINS server hook script (CVE-2025-10230) and an uninitialized memory disclosure in vfs_streams_xattr (CVE-2025-9640).
An update that solves 2 vulnerabilities and has 6 bug fixes can now be installed.

Description

This update for samba fixes the following issues:

Update to 4.22.5:

* CVE-2025-10230: Command injection via WINS server hook script (bsc#1251280).

* CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).

- Relax samba-gpupdate's requirement for cepces, certmonger, and sscep
  to a recommends. They are only required if utilizing certificate
  auto enrollment (bsc#1249087).
- Disable timeouts for smb.service so that a possibly slow running
  ExecStartPre script 'update-samba-security-profile' doesn't
  cause service start to fail due to timeouts (bsc#1249181).
- Ensure semanage is pulled in as a requirement when samba is
  installed and SELinux is the security access mechanism in use
  (bsc#1249180).
- Don't attempt to label paths that don't exist; also remove the
  unnecessary evaluation of the semanage & restorecon commands (bsc#1249179).

Update to 4.22.4:

* netr_LogonSamLogonEx returns NT_STATUS_ACCESS_DENIED with
  SysvolReady=0
* getpwuid does not...
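As an added example, not code from the openSUSE advisory or from Samba, the following POSIX shell script checks a Leap 16.0 host against this update: it compares the installed samba version with 4.22.5 and scans 'testparm -s' output for the configuration each CVE depends on, a 'wins hook' in [global] for CVE-2025-10230 and 'vfs objects = streams_xattr' on a share for CVE-2025-9640. The version-comparison rule and the testparm parsing are the script's own assumptions; rpm, testparm and zypper's '--cve' patch selector are standard openSUSE tools.

```sh
#!/bin/sh
# Added example, not part of the openSUSE advisory or of Samba itself:
# check an openSUSE Leap 16.0 host against openSUSE-SU-2025-20048-1.
#   1. Is the installed samba older than the fixed release (4.22.5)?
#   2. Does smb.conf enable the features the two CVEs depend on?
# Assumptions: rpm's %{VERSION} is "x.y.z[+git...]" and testparm -s prints
# "[section]" headers followed by "key = value" lines, as it does on openSUSE.

FIXED_VERSION="4.22.5"   # "Update to 4.22.5" in the advisory

# ver_ge A B: exit 0 if dotted version A is >= B (first three numeric
# components; the "+git.431.<hash>" suffix used by openSUSE is ignored).
ver_ge() {
    a=${1%%[+-]*}
    b=${2%%[+-]*}
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        x=${x:-0}
        y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# wins_hook_configured: read testparm -s output on stdin; exit 0 if the
# [global] section sets a non-empty 'wins hook'. That script is what
# CVE-2025-10230 abuses; nmbd only runs it when acting as WINS server
# ('wins support = yes'), so a set hook is flagged conservatively.
wins_hook_configured() {
    awk '
        /^[ \t]*\[/ { sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        sec == "global" && /^[ \t]*wins hook[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (val != "") found = 1
        }
        END { if (found) exit 0; exit 1 }
    '
}

# streams_xattr_shares: read testparm -s output on stdin; print the name of
# every section whose 'vfs objects' list loads streams_xattr (CVE-2025-9640).
streams_xattr_shares() {
    awk '
        /^[ \t]*\[/ { sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        /^[ \t]*vfs objects[ \t]*=/ && /streams_xattr/ { print sec }
    '
}

main() {
    ver=$(rpm -q --qf '%{VERSION}\n' samba 2>/dev/null) || {
        echo "samba is not installed; nothing to do"
        return 0
    }
    if ver_ge "$ver" "$FIXED_VERSION"; then
        echo "samba $ver: at or above $FIXED_VERSION, patched"
    else
        echo "samba $ver: below $FIXED_VERSION, install the update:"
        echo "  zypper patch --cve=CVE-2025-10230 --cve=CVE-2025-9640"
    fi
    conf=$(testparm -s 2>/dev/null)
    if printf '%s\n' "$conf" | wins_hook_configured; then
        echo "CVE-2025-10230: 'wins hook' is set; until patched, unset it or 'wins support'"
    fi
    shares=$(printf '%s\n' "$conf" | streams_xattr_shares)
    if [ -n "$shares" ]; then
        echo "CVE-2025-9640: streams_xattr loaded on shares: $(printf '%s' "$shares" | tr '\n' ' ')"
    fi
}

# Only run the live check where the tools exist; the functions above can be
# exercised on saved testparm output anywhere.
if command -v rpm >/dev/null 2>&1 && command -v testparm >/dev/null 2>&1; then
    main
fi
```

Run it as root on the target host. To audit a saved configuration offline, pipe the testparm output into wins_hook_configured and streams_xattr_shares directly; both read stdin and nothing else.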

Package List

- openSUSE Leap 16.0:
  ctdb-4.22.5+git.431.dc5a539f124-160000.1.1
  ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1
  ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1
  libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1
  libldb2-4.22.5+git.431.dc5a539f124-160000.1.1
  python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-ceph-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-client-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-doc-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1
  samba-libs-python3-4.22.5+git.431.dc5a539f...

References:

* bsc#1249087
* bsc#1249179
* bsc#1249180
* bsc#1249181
* bsc#1251279
* bsc#1251280
* https://www.suse.com/security/cve/CVE-2025-10230.html
* https://www.suse.com/security/cve/CVE-2025-9640.html

Announcement ID: openSUSE-SU-2025-20048-1
Rating: critical
Affected Products: openSUSE Leap 16.0
