{"id":"USN-8306-2","summary":"samba vulnerabilities","details":"USN-8306-1 fixed vulnerabilities in Samba. This update provides the\ncorresponding updates for CVE-2026-3238, CVE-2026-4408, and\nCVE-2026-4480 in Ubuntu 20.04 LTS.\n\nOriginal advisory details:\n\n Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access\n checks on reparse point operations. An attacker could possibly use this\n issue to modify reparse point extended attributes on files that should\n have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu\n 26.04 LTS. (CVE-2026-1933)\n\n Pavel Kohout discovered that Samba's vfs_worm module did not properly\n block file overwrites. An attacker could possibly use this issue to\n overwrite files that should have remained immutable. (CVE-2026-2340)\n\n Arad Inbar, Nir Somech, and Ben Grinberg discovered that Samba incorrectly\n handled certificate auto-enrolment group policies over HTTP without\n verification. A machine-in-the-middle attacker could possibly use this\n issue to install a malicious CA certificate. This issue only affected\n Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-3012)\n\n Arad Inbar, Erez Cohen, Nir Somech, and Ben Grinberg discovered that\n Samba's Active Directory Domain Controller WINS server could be made to\n crash under certain circumstances. A remote attacker could possibly use\n this issue to cause a denial of service. (CVE-2026-3238)\n\n Ron Ben Yizhak discovered that Samba's DCE/RPC SAMR server incorrectly\n handled a non-default password check script configuration. A remote\n attacker could possibly use this issue to execute arbitrary code.\n (CVE-2026-4408)\n\n Ron Ben Yizhak discovered that Samba's printing subsystem incorrectly\n handled a non-default print command configuration. A remote attacker could\n possibly use this issue to execute arbitrary code. (CVE-2026-4480)","modified":"2026-06-10T22:29:12.674603410Z","published":"2026-06-10T16:47:27Z","related":["UBUNTU-CVE-2026-3238","UBUNTU-CVE-2026-4408","UBUNTU-CVE-2026-4480"],"upstream":["CVE-2026-3238","CVE-2026-4408","CVE-2026-4480","UBUNTU-CVE-2026-3238","UBUNTU-CVE-2026-4408","UBUNTU-CVE-2026-4480"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8306-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-3238"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-4408"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-4480"}],"affected":[{"package":{"name":"samba","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/samba?arch=source&distro=esm-infra%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2"}]}],"versions":["2:4.10.7+dfsg-0ubuntu2","2:4.10.7+dfsg-0ubuntu3","2:4.11.1+dfsg-3ubuntu1","2:4.11.1+dfsg-3ubuntu2","2:4.11.1+dfsg-3ubuntu4","2:4.11.5+dfsg-1ubuntu1","2:4.11.5+dfsg-1ubuntu2","2:4.11.6+dfsg-0ubuntu1","2:4.11.6+dfsg-0ubuntu1.1","2:4.11.6+dfsg-0ubuntu1.2","2:4.11.6+dfsg-0ubuntu1.3","2:4.11.6+dfsg-0ubuntu1.4","2:4.11.6+dfsg-0ubuntu1.5","2:4.11.6+dfsg-0ubuntu1.6","2:4.11.6+dfsg-0ubuntu1.8","2:4.11.6+dfsg-0ubuntu1.9","2:4.11.6+dfsg-0ubuntu1.10","2:4.13.14+dfsg-0ubuntu0.20.04.1","2:4.13.14+dfsg-0ubuntu0.20.04.2","2:4.13.14+dfsg-0ubuntu0.20.04.3","2:4.13.14+dfsg-0ubuntu0.20.04.4","2:4.13.17~dfsg-0ubuntu0.21.04.1","2:4.13.17~dfsg-0ubuntu0.21.04.2","2:4.13.17~dfsg-0ubuntu1.20.04.1","2:4.13.17~dfsg-0ubuntu1.20.04.2","2:4.13.17~dfsg-0ubuntu1.20.04.4","2:4.13.17~dfsg-0ubuntu1.20.04.5","2:4.15.13+dfsg-0ubuntu0.20.04.1","2:4.15.13+dfsg-0ubuntu0.20.04.2","2:4.15.13+dfsg-0ubuntu0.20.04.3","2:4.15.13+dfsg-0ubuntu0.20.04.4","2:4.15.13+dfsg-0ubuntu0.20.04.5","2:4.15.13+dfsg-0ubuntu0.20.04.6","2:4.15.13+dfsg-0ubuntu0.20.04.7","2:4.15.13+dfsg-0ubuntu0.20.04.8","2:4.15.13+dfsg-0ubuntu0.20.04.8+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"ctdb"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"libnss-winbind"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"libpam-winbind"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"libsmbclient"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"libwbclient0"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"python3-samba"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"registry-tools"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"samba"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"samba-common"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"samba-common-bin"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"samba-dsdb-modules"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"samba-libs"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"samba-testsuite"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"samba-vfs-modules"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"smbclient"},{"binary_version":"2:4.15.13+dfsg-0ubuntu0.20.04.8+esm2","binary_name":"winbind"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-3238","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-4408","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-4480","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8306-2.json"}}],"schema_version":"1.7.5"}