{"affected":[{"ecosystem_specific":{"binaries":[{"ldb-tools":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","libldb-devel":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","libldb2":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","libldb2-32bit":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","python3-ldb":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-ceph":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-client":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-client-libs":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-client-libs-32bit":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-dcerpc":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-devel":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-gpupdate":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-ldb-ldap":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-libs":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-libs-32bit":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-libs-python3":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-python3":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-tool":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-winbind":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-winbind-libs":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2","samba-winbind-libs-32bit":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"samba","purl":"pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ctdb":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 15 SP7","name":"samba","purl":"pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.21.8+git.418.e80c9b2a88c-150700.3.11.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for samba fixes the following issues:\n\n- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).\n- CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280).\n\nUpdate to 4.21.8:\n\n  * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with\n    SysvolReady=0; (bso#14981).\n  * getpwuid does not shift to new DC when current DC is down;\n    (bso#15844).\n  * Windows security hardening locks out schannel'ed netlogon dc\n    calls like netr_DsRGetDCName; (bso#15876).\n  * kinit command is failing with Missing cache Error;\n    (bso#15840).\n  * Figuring out the DC name from IP address fails and breaks\n    fork_domain_child(); (bso#15891).\n  * Delayed leader broadcast can block ctdb forever; (bso#15892).\n  * 'net ads group' failed to list domain groups; (bso#15900).\n  * Apparently there is a conflict between shadow_copy2 module\n    and virusfilter (action quarantine); (bso#15663).\n  * Fix handling of empty GPO link; (bso#15877).\n  * SMB ACL inheritance doesn't work for files created;\n    (bso#15880).\n","id":"SUSE-SU-2025:3676-1","modified":"2025-10-20T08:26:22Z","published":"2025-10-20T08:26:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20253676-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251279"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251280"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-10230"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9640"}],"related":["CVE-2025-10230","CVE-2025-9640"],"summary":"Security update for samba","upstream":["CVE-2025-10230","CVE-2025-9640"]}