Control: tags -1 + confirmed On Mon, 2025-12-01 at 16:22 +0300, Michael Tokarev wrote: > [ Reason ] > There are 3 known security hole exists in bookworm version > of samba. These holes has been fixed in more recent versions > of the package, including trixie version, and the fixes has > been back-ported to earlier releases by the LTS samba community > (https://gitlab.com/samba-team/lts-community and the git tree > in there). > > The vulnerabilities are: > > CVE-2018-14628: Unprivileged read of deleted object tombstones > in AD LDAP server (#1034803) > CVE-2025-10230: Command injection via WINS server hook script > CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr
Please go ahead. Regards, Adam
