==========================================================================
Ubuntu Security Notice USN-8306-2
June 10, 2026

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-8306-1 fixed vulnerabilities in Samba. This update provides the
corresponding updates for CVE-2026-3238, CVE-2026-4408, and
CVE-2026-4480 in Ubuntu 20.04 LTS.

Original advisory details:

 Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access
 checks on reparse point operations. An attacker could possibly use this
 issue to modify reparse point extended attributes on files that should
 have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu
 26.04 LTS. (CVE-2026-1933)

 Pavel Kohout discovered that Samba's vfs_worm module did not properly
 block file overwrites. An attacker could possibly use this issue to
 overwrite files that should have remained immutable. (CVE-2026-2340)

 Arad Inbar, Nir Somech, and Ben Grinberg discovered that Samba incorrectly
 handled certificate auto-enrolment group policies over HTTP without
 verification. A machine-in-the-middle attacker could possibly use this
 issue to install a malicious CA certificate. This issue only affected
 Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-3012)

 Arad Inbar, Erez Cohen, Nir Somech, and Ben Grinberg discovered that
 Samba's Active Directory Domain Controller WINS server could be made to
 crash under certain circumstances. A remote attacker could possibly use
 this issue to cause a denial of service. (CVE-2026-3238)

 Ron Ben Yizhak discovered that Samba's DCE/RPC SAMR server incorrectly
 handled a non-default password check script configuration. A remote
 attacker could possibly use this issue to execute arbitrary code.
 (CVE-2026-4408)

 Ron Ben Yizhak discovered that Samba's printing subsystem incorrectly
 handled a non-default print command configuration. A remote attacker could
 possibly use this issue to execute arbitrary code. (CVE-2026-4480)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  ctdb                            2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libnss-winbind                  2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libpam-winbind                  2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libsmbclient                    2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libsmbclient-dev                2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libwbclient-dev                 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  libwbclient0                    2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  python3-samba                   2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  registry-tools                  2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba                           2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-common                    2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-common-bin                2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-dev                       2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-dsdb-modules              2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-libs                      2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  samba-vfs-modules               2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  smbclient                       2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro
  winbind                         2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8306-2
  https://ubuntu.com/security/notices/USN-8306-1
  CVE-2026-3238, CVE-2026-4408, CVE-2026-4480

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to