File _patchinfo of Package patchinfo.30947

<patchinfo incident="30947">
  <issue tracker="cve" id="2023-42669"/>
  <issue tracker="cve" id="2023-4091"/>
  <issue tracker="cve" id="2025-9640"/>
  <issue tracker="cve" id="2025-10230"/>
  <issue tracker="bnc" id="1215904">VUL-0: EMBARGOED: CVE-2023-4091: samba: Client can truncate file with read-only permissions</issue>
  <issue tracker="bnc" id="1215905">VUL-0: EMBARGOED: CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request</issue>
  <issue tracker="bnc" id="1251279"/>
  <issue tracker="bnc" id="1251280"/>
  <issue tracker="bnc" id="1233880"/>
  <packager>scabrero</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for samba</summary>
  <description>This update for samba fixes the following issues:

- CVE-2025-9640: Fixed vfs_streams_xattr uninitialized memory write (bsc#1251279).
- CVE-2025-10230: Fixed command injection in WINS server hook script (bsc#1251280).
- CVE-2023-4091: Fixed a bug where a client can truncate a file with read-only permissions (bsc#1215904).
- CVE-2023-42669: Fixed a bug in the "rpcecho" development server which allows denial of service via a sleep() call on AD DC (bso#1215905).

The following non-security bugs were fixed:

- Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880).
</description>
</patchinfo>