Format: 1.8
Date: Tue, 26 May 2026 15:46:55 +0300
Source: samba
Binary: samba-ad-provision samba-common
Architecture: all
Version: 2:4.22.10+dfsg-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Michael Tokarev
Description:
 samba-ad-provision - Samba files needed for AD domain provision
 samba-common - common files used by both the Samba server and client
Changes:
 samba (2:4.22.10+dfsg-0+deb13u1) trixie; urgency=medium
 .
   * switch to actual upstream release for the May-2026 security fixes:
 .
   * This is a security release in order to address the following defects:
 .
     CVE-2026-1933: Missing access checks on reparse point operations
       On a share marked "read only = yes" and on file handles opened R/O
       users can set or delete the reparse point xattrs on files that the
       user has write-access in the file system for.
       https://www.samba.org/samba/security/CVE-2026-1933.html
 .
     CVE-2026-2340: WORM vfs module does not block overwrites
       The WORM (Write-Once, Read Many) vfs module is supposed to lock
       write access to shared files, so they cannot be altered after
       initial writes. It was allowing files to be overwritten by renaming
       a newly created file over a protected file.
       https://www.samba.org/samba/security/CVE-2026-2340.html
 .
     CVE-2026-3012: auto-enrolment GPO installing CA certificate over http
       without verification
       To bootstrap a certificate chain a domain member must fetch a
       certificate without TLS. It was trusting HTTP for this when a more
       secure encrypted LDAP channel was also available.
       https://www.samba.org/samba/security/CVE-2026-3012.html
 .
     CVE-2026-3238: Denial of service against AD DC WINS server
       The WINS server component of the Active Directory Domain controller
       code in Samba is vulnerable to a NULL pointer dereference and crash
       caused by an unauthenticated UDP packet.
       https://www.samba.org/samba/security/CVE-2026-3238.html
 .
     CVE-2026-4408: Unauthenticated Remote Code Execution in Samba DCE/RPC
       SAMR server
       Samba file servers and classic (non-AD) domain controllers with
       samba-dcerpcd started as a system service and with a
       "check password script" that has the %u substitution character are
       vulnerable to a remote code execution.
       https://www.samba.org/samba/security/CVE-2026-4408.html
 .
     CVE-2026-4480: Unauthenticated Remote Code Execution in Samba printing
       subsystem
       Samba print servers with a "print command" that has the %J
       substitution character are vulnerable to a Remote Code Execution.
       https://www.samba.org/samba/security/CVE-2026-4480.html
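
A configuration check for the CVE-2026-4408 and CVE-2026-4480 entries above, as an added example that is not part of this upload record or of Samba's own code: it scans smb.conf text for an explicitly set "check password script" containing %u or a "print command" containing %J. The function names and the sample configuration are constructed for illustration; `include` files, built-in defaults and the service conditions named in the changelog (samba-dcerpcd as a system service, non-AD role) are not evaluated.

```python
import re

# Normalised parameter name -> (substitution, CVE), as named in the changelog.
RISKY = {"checkpasswordscript": ("%u", "CVE-2026-4408"),
         "printcommand": ("%J", "CVE-2026-4480")}

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf = ""
    if buf:
        yield start, buf

def audit(text):
    """Return (cve, section, line_no, value) for each matching setting."""
    findings, section = [], "(none)"
    for no, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip()
            continue
        name, sep, value = line.partition("=")
        # smb.conf ignores case and whitespace inside parameter names.
        key = re.sub(r"\s+", "", name).lower()
        if sep and key in RISKY and RISKY[key][0] in value:
            findings.append((RISKY[key][1], section, no, value.strip()))
    return findings

# Constructed sample configuration (paths and share names are made up).
SAMPLE = r"""[global]
   ; check password script = /usr/local/bin/old %u
   Check Password Script = /usr/local/sbin/pwcheck --user %u
[printers]
   print command = /usr/bin/lpr -P'%p' \
       -J'%J' %s
[legacy]
   print command = /usr/bin/lpr -r -P'%p' %s"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A hit means only that the configuration precondition from the changelog is present; hosts still running a version older than 2:4.22.10+dfsg-0+deb13u1 with such a setting are the ones to prioritise for the upgrade.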