This update for samba fixes the following issues
* CVE-2026-2340: vfs_worm does not block directory modification (bsc#1261158).
* CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server
(bsc#1261160).
* CVE-2026-4408: Remote Code Execution in SAMR (bsc#1261163).
* CVE-2026-4480: Unauthenticated Remote Code Execution (bsc#1261161).
Non security issues:
* Fix pthreadpool_tevent race conditions accessing both
pthreadpool_tevent.jobs list and pthreadpool_tevent.glue_list (bsc#1252963)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2108=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2108=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2108=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2108=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2108=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2108=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2108=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2108=1
* SUSE Linux Enterprise...
Read the Full Advisory* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* samba-dsdb-modules-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-test-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* ctdb-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* ctdb-pcp-pmda-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* ctdb-pcp-pmda-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
*...
Read the Full Advisory* bsc#1252963
* bsc#1261158
* bsc#1261160
* bsc#1261161
* bsc#1261163
## References:
* https://www.suse.com/security/cve/CVE-2026-2340.html
* https://www.suse.com/security/cve/CVE-2026-3238.html
* https://www.suse.com/security/cve/CVE-2026-4408.html
* https://www.suse.com/security/cve/CVE-2026-4480.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252963
* https://bugzilla.suse.com/show_bug.cgi?id=1261158
* https://bugzilla.suse.com/show_bug.cgi?id=1261160
* https://bugzilla.suse.com/show_bug.cgi?id=1261161
* https://bugzilla.suse.com/show_bug.cgi?id=1261163
Get the latest Linux and open source security news straight to your inbox.