Bug 34672 - samba new security issues CVE-2018-14628, CVE-2025-10230 and CVE-2025-9640
Summary: samba new security issues CVE-2018-14628, CVE-2025-10230 and CVE-2025-9640
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords: advisory
Depends on:
Blocks:
 
Reported: 2025-10-16 11:12 CEST by Nicolas Salguero
Modified: 2026-05-14 01:01 CEST

See Also:
Source RPM: samba-4.17.12-1.1.mga9.src.rpm
CVE: CVE-2018-14628, CVE-2025-10230, CVE-2025-9640
Status comment:



Description Nicolas Salguero 2025-10-16 11:12:05 CEST
Those issues were announced here:
https://www.openwall.com/lists/oss-security/2025/10/15/2
Nicolas Salguero 2025-10-16 11:12:36 CEST

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-10230, CVE-2025-9640
Source RPM: (none) => samba-4.22.4-1.mga10.src.rpm, samba-4.17.12-1.mga9.src.rpm

Comment 1 Marja Van Waes 2025-10-16 22:22:33 CEST
Assigning to the registered maintainer.

Assignee: bugsquad => bgmilne
CC: (none) => marja11

katnatek 2025-10-19 19:11:44 CEST

Blocks: (none) => 34665

katnatek 2025-10-29 02:32:23 CET

Blocks: 34665 => (none)

Nicolas Salguero 2025-11-07 22:34:24 CET

Version: Cauldron => 9
Source RPM: samba-4.22.4-1.mga10.src.rpm, samba-4.17.12-1.mga9.src.rpm => samba-4.17.12-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)

Comment 2 Lewis Smith 2026-04-16 21:07:01 CEST
(In reply to Marja Van Waes from comment #1)
> Assigning to the registered maintainer.
Buchan... I do not know if he is still with us, but his last involvement with samba was 2y ago; since when DavidG has done almost all updates.
Re-assigning globally, CC'ing DavidG.

CC: (none) => geiger.david68210
Assignee: bgmilne => pkg-bugs

Nicolas Salguero 2026-05-13 15:31:11 CEST

Summary: samba new security issues CVE-2025-10230 and CVE-2025-9640 => samba new security issues CVE-2018-14628, CVE-2025-10230 and CVE-2025-9640
CVE: CVE-2025-10230, CVE-2025-9640 => CVE-2018-14628, CVE-2025-10230, CVE-2025-9640

Nicolas Salguero 2026-05-13 16:22:50 CEST

Source RPM: samba-4.17.12-1.mga9.src.rpm => samba-4.17.12-1.1.mga9.src.rpm

Comment 3 Nicolas Salguero 2026-05-13 16:41:57 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. (CVE-2018-14628)

Command injection in wins server hook script. (CVE-2025-10230)

vfs_streams_xattr uninitialized memory write possible. (CVE-2025-9640)

References:
https://www.openwall.com/lists/oss-security/2025/10/15/2
========================

Updated packages in core/updates_testing:
========================
ctdb-4.17.12-1.2.mga9
lib(64)samba-dc0-4.17.12-1.2.mga9
lib(64)samba-devel-4.17.12-1.2.mga9
lib(64)samba-test0-4.17.12-1.2.mga9
lib(64)samba1-4.17.12-1.2.mga9
lib(64)smbclient-devel-4.17.12-1.2.mga9
lib(64)smbclient0-4.17.12-1.2.mga9
lib(64)wbclient-devel-4.17.12-1.2.mga9
lib(64)wbclient0-4.17.12-1.2.mga9
python3-samba-4.17.12-1.2.mga9
samba-4.17.12-1.2.mga9
samba-client-4.17.12-1.2.mga9
samba-common-4.17.12-1.2.mga9
samba-dc-4.17.12-1.2.mga9
samba-krb5-printing-4.17.12-1.2.mga9
samba-test-4.17.12-1.2.mga9
samba-usershares-4.17.12-1.2.mga9
samba-winbind-4.17.12-1.2.mga9
samba-winbind-clients-4.17.12-1.2.mga9
samba-winbind-krb5-locator-4.17.12-1.2.mga9
samba-winbind-modules-4.17.12-1.2.mga9

from SRPM:
samba-4.17.12-1.2.mga9.src.rpm

Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED

PC LX 2026-05-14 00:16:02 CEST

CC: (none) => mageia

katnatek 2026-05-14 01:01:27 CEST

Keywords: (none) => advisory

