USN-7582-2: Samba regression

Publication date

30 June 2025

Overview

USN-7582-1 introduced a regression in Samba.


Packages

  • samba - SMB/CIFS file, print, and login server for Unix

Details

USN-7582-1 fixed vulnerabilities in Samba. The update introduced a
regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Evgeny Legerov discovered that Samba incorrectly handled buffers in
certain GSSAPI routines of Heimdal. A remote attacker could possibly use
this issue to cause Samba to crash, resulting in a denial of service.
(CVE-2022-3437)

Greg Hudson discovered that Samba incorrectly handled PAC parsing. On
32-bit systems, a remote attacker could use this issue to escalate
privileges, or possibly execute arbitrary code. (CVE-2022-42898)

Joseph Sutton discovered that Samba could be forced to issue rc4-hmac
encrypted Kerberos tickets. A remote attacker could possibly use this
issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2022-45141)

Florent Saudel discovered that Samba incorrectly handled certain Spotlight
requests. A remote attacker could possibly use this issue to cause Samba
to consume resources, leading to a denial of service. (CVE-2023-34966)


Update instructions

In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release   Package   Version
18.04 bionic     samba     2:4.7.6+dfsg~ubuntu-0ubuntu2.29+esm2
16.04 xenial     samba     2:4.3.11+dfsg-0ubuntu0.16.04.34+esm3
14.04 trusty     samba     2:4.3.11+dfsg-0ubuntu0.14.04.20+esm14
