Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 20.04 Samba Serious DoS RCE Vulnerability USN-8306-2 Advisory

ubuntu
Calendar Grey June 10, 2026
Dist Ubuntu Esm H88
Multiple security issues in Samba for Ubuntu 20.04 require immediate updates to prevent exploitation and system compromise.
Several security issues were fixed in Samba.

Summary

Several security issues were fixed in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-8306-1 fixed vulnerabilities in Samba. This update provides the

corresponding updates for CVE-2026-3238, CVE-2026-4408, and

CVE-2026-4480 in Ubuntu 20.04 LTS.

Original advisory details:

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access

checks on reparse point operations. An attacker could possibly use this

issue to modify reparse point extended attributes on files that should

have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu

26.04 LTS. (CVE-2026-1933)

Pavel Kohout discovered that Samba's vfs_worm module did not properly

block file overwrites. An attacker could possibly use this issue to

overwrite files that should have remained immutable. (CVE-2026-2340)

Arad Inbar, Nir Somech, and Ben Grinberg discovered that Samba incorrectly

handled certificate auto-enrolment group policies over HTTP...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  ctdb                            2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libnss-winbind                  2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libpam-winbind                  2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libsmbclient                    2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libsmbclient-dev                2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libwbclient-dev                 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libwbclient0                    2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  python3-samba                   2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  registry-tools                  2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba                           2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-common                    2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-common-bin                2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-dev                       2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-dsdb-modules              2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-libs                      2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-vfs-modules               2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  smbclient                       2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  winbind                         2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8306-2

https://ubuntu.com/security/notices/USN-8306-1

CVE-2026-3238, CVE-2026-4408, CVE-2026-4480

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8306-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here