
[SECURITY] [DLA 4384-1] samba security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-4384-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Paride Legovini
November 26, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : samba
Version        : 2:4.13.13+dfsg-1~deb11u7
CVE ID         : CVE-2025-9640

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized
heap memory could be written into alternate data streams. This allows an
authenticated user to read residual memory content that may include sensitive
data, resulting in an information disclosure vulnerability.

For Debian 11 bullseye, this problem has been fixed in version
2:4.13.13+dfsg-1~deb11u7.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/samba

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


