-------------------------------------------------------------------------
Debian LTS Advisory DLA-4384-1                          [email protected]
https://www.debian.org/lts/security/                      Paride Legovini
November 26, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : samba
Version        : 2:4.13.13+dfsg-1~deb11u7
CVE ID         : CVE-2025-9640

A flaw was found in Samba, in the vfs_streams_xattr module, where
uninitialized heap memory could be written into alternate data streams.
This allows an authenticated user to read residual memory content that
may include sensitive data, resulting in an information disclosure
vulnerability.

For Debian 11 bullseye, this problem has been fixed in version
2:4.13.13+dfsg-1~deb11u7.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/samba

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
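
An exposure check for the module named above, added here as an example and not part of the advisory or of Samba: it lists the smb.conf sections that load streams_xattr and compares the installed package against the fixed bullseye version. The function names and the sample configuration are constructed for illustration, and the check assumes that only sections loading the module are exposed.

```shell
#!/bin/sh
# Added example. FIXED is the bullseye version given in the advisory.
FIXED='2:4.13.13+dfsg-1~deb11u7'

# Read smb.conf-format text on stdin and print each section whose
# "vfs objects" parameter includes streams_xattr.
shares_with_streams_xattr() {
    awk '
        /^[ \t]*[#;]/ { next }                    # comment lines
        /^[ \t]*\[.*\]/ {                         # section header
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        {
            eq = index($0, "="); if (!eq) next
            # parameter names ignore case and whitespace
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            if (key != "vfsobjects") next
            if (!(sec in seen)) { order[++n] = sec; seen[sec] = 1 }
            val[sec] = substr($0, eq + 1)         # last setting wins
        }
        END {
            for (i = 1; i <= n; i++) {
                m = split(val[order[i]], tok, /[ \t,]+/)
                for (j = 1; j <= m; j++) {
                    sub(/:.*/, "", tok[j])        # drop "module:instance" suffix
                    if (tok[j] == "streams_xattr") { print order[i]; break }
                }
            }
        }'
}

# Exit 0 if the installed samba is at or above FIXED (Debian 11 only),
# 1 if it is older, 2 if the package is not installed.
samba_is_fixed() {
    inst=$(dpkg-query -W -f='${Version}' samba 2>/dev/null) || return 2
    [ -n "$inst" ] || return 2
    dpkg --compare-versions "$inst" ge "$FIXED"
}

# Constructed sample configuration, for trying the parser offline.
demo_conf() {
    printf '%s\n' '[global]' '  workgroup = EXAMPLE' \
        '[plain]' '  path = /srv/plain' \
        '[mac]' '  VFS Objects = catia fruit streams_xattr' \
        '[audit]' '  vfs objects = full_audit' '; vfs objects = streams_xattr' \
        '[multi]' '  vfs objects = streams_xattr:a, acl_xattr'
}
```

On a live server, feed it the effective configuration with `testparm -s 2>/dev/null | shares_with_streams_xattr`; a result of `global` means every share that does not override `vfs objects` inherits the module.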
