rpm package
almalinux/samba-gpupdate
pkg:rpm/almalinux/samba-gpupdate
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4408 | Cri | 9.0 | < 4.23.5-109.el10_2 | 4.23.5-109.el10_2 | May 28, 2026 | A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed | |
| CVE-2026-2340 | Med | 6.5 | < 4.23.5-109.el10_2 | 4.23.5-109.el10_2 | May 27, 2026 | A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write | |
| CVE-2026-1933 | Hig | 7.1 | < 4.23.5-109.el10_2 | 4.23.5-109.el10_2 | May 27, 2026 | A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations | |
| CVE-2026-3012 | Hig | 8.0 | < 4.23.5-109.el10_2 | 4.23.5-109.el10_2 | May 27, 2026 | A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker w | |
| CVE-2026-4480 | Cri | 9.0 | < 4.23.5-109.el10_2 | 4.23.5-109.el10_2 | May 26, 2026 | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this | |
| CVE-2026-40170 | Hig | 7.5 | < 4.23.5-109.el10_2 | 4.23.5-109.el10_2 | Apr 16, 2026 | ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send suffic |
- affected < 4.23.5-109.el10_2fixed 4.23.5-109.el10_2
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed
- affected < 4.23.5-109.el10_2fixed 4.23.5-109.el10_2
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write
- affected < 4.23.5-109.el10_2fixed 4.23.5-109.el10_2
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations
- affected < 4.23.5-109.el10_2fixed 4.23.5-109.el10_2
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker w
- affected < 4.23.5-109.el10_2fixed 4.23.5-109.el10_2
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this
- affected < 4.23.5-109.el10_2fixed 4.23.5-109.el10_2
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send suffic