Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in Samba.. ========================================================================== Ubuntu Security Notice USN-8306-2 June 10, 2026 samba vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Samba. Software Description: - samba: SMB/CIFS file, print, and login server for Unix Details: USN-8306-1 fixed vulnerabilities in Samba. This update provides the corresponding updates for CVE-2026-3238, CVE-2026-4408, and CVE-2026-4480 in Ubuntu 20.04 LTS. Original advisory details: Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-1933) Pavel Kohout discovered that Samba's vfs_worm module did not properly block file overwrites. An attacker could possibly use this issue to overwrite files that should have remained immutable. (CVE-2026-2340) Arad Inbar, Nir Somech, and Ben Grinberg discovered that Samba incorrectly handled certificate auto-enrolment group policies over HTTP without verification. A machine-in-the-middle attacker could possibly use this issue to install a malicious CA certificate. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-3012) Arad Inbar, Erez Cohen, Nir Somech, and Ben Grinberg discovered that Samba's Active Directory Domain Controller WINS server could be made to crash under certain circumstances. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-3238) Ron Ben Yizhak discovered that Samba's DCE/RPC SAMR server incorrectly handled a non-default password check script configuration. A remote attacker could possibly use this issueto execute arbitrary code. (CVE-2026-4408) Ron Ben Yizhak discovered that Samba's printing subsystem incorrectly handled a non-default print command configuration. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-4480) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS ctdb 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro libnss-winbind 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro libpam-winbind 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro libsmbclient 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro libsmbclient-dev 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro libwbclient-dev 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro libwbclient0 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro python3-samba 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro registry-tools 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro samba 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro samba-common 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro samba-common-bin 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro samba-dev 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro samba-dsdb-modules 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro samba-libs 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro samba-vfs-modules 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro smbclient 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro winbind 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8306-2 https://ubuntu.com/security/notices/USN-8306-1 CVE-2026-3238, CVE-2026-4408, CVE-2026-4480 . Multiple security issues in Samba for Ubuntu 20.04 require immediate updates to prevent exploitation and system compromise.. Ubuntu Samba security update issues vulnerabilities patch. . Severity: Critical. LinuxSecurity.com Team
Several vulnerabilities were discovered in modsecurity-apache, an Apache module to tighten the Web application security, which may result in denial of service (high memory consumption). . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5940-1
PostgreSQL SQL injection has been fixed in web.py, a Web framework for Python applications. For Debian 11 bullseye, this problem has been fixed in version . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4189-1
Valkey 8.0.3 - Released Wed 23 Apr 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes Optimize RDB load performance and fix cluster mode resizing on replica side. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-59ebc165fc 2025-05-03 01:10:16.988278+00:00 -------------------------------------------------------------------------------- Name : valkey Product : Fedora 40 Version : 8.0.3 Release : 1.fc40 URL : https://valkey.io Summary : A persistent key-value database Description : Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. -------------------------------------------------------------------------------- Update Information: Valkey 8.0.3 - Released Wed 23 Apr 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes Optimize RDB load performance and fix cluster mode resizing onreplica side (#1199) Fix memory leak in forgotten node ping ext code path (#1574) Fix cluster info sent stats for message with light header (#1563) Fix module LatencyAddSample still work when latency-monitor-threshold is 0 (#1541) Fix potential crash in radix tree recompression of huge keys (#1722) Fix error "SSL routines::bad length" when connTLSWrite is called second time with smaller buffer (#1737) Fix temp file leak druing replication error handling (#1721) Fix ACL LOAD crash on replica since the primary client don't has a user (#1842) Fix RANDOMKEY infinite loop during CLIENT PAUSE (#1850) fix: add samples to stream object consumer trees (#1825) Fix cluster slot stats assertion during promotion of replica (#1950) Fix panic in primary when blocking shutdown after previous block with timeout (#1948) Ignore stale gossip packets that arrive out of order (#1777) Fix incorrect lag reported in XINFO GROUPS (#1952) Avoid shard id update of replica if not matching with primary shard id (#573) Security fixes CVE-2025-21605 Limit output buffer for unauthenticated clients (#1993) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2025 Remi Collet - 8.0.3-1 - update to 8.0.3 fixes CVE-2025-21605 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-59ebc165fc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5770-1
It was discovered that there was a command-line injection issue in the FreeIPA identity, authentication and audit framework. A specially crafted HTTP request could have lead to a Denial of Service (DoS) attack and/or data exposure. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3773-1
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-42883 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5580-1
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5485-1
Get the latest Linux and open source security news straight to your inbox.