| Package | samba |
|---|---|
| Version | 2:4.5.16+dfsg-1+deb9u6 (stretch), 2:4.9.5+dfsg-5+deb10u6 (buster) |
| Related CVEs | CVE-2025-9640 |

A vulnerability was found in the streams_xattr VFS server module of Samba, an SMB/CIFS file, print, and login server for Unix: uninitialized heap memory could be written into alternate data streams. An authenticated attacker can read residual memory content that may include sensitive data.

For Debian 10 buster, this problem has been fixed in version 2:4.9.5+dfsg-5+deb10u6.

For Debian 9 stretch, this problem has been fixed in version 2:4.5.16+dfsg-1+deb9u6.

We recommend that you upgrade your samba packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.
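
The script below is an added example, not part of the advisory or of Samba's or Debian's own tooling. It compares an installed samba version with the fixed versions listed above and lists the smb.conf sections that load streams_xattr, so the affected shares can be identified while the upgrade is rolled out. The function names, the sample configuration and the codename argument are assumptions of this example.

```shell
#!/bin/sh
# Added example; only the fixed version strings come from the advisory.

# Fixed samba version for a Debian codename (values from the advisory).
fixed_version() {
    case "$1" in
        stretch) echo '2:4.5.16+dfsg-1+deb9u6' ;;
        buster)  echo '2:4.9.5+dfsg-5+deb10u6' ;;
        *) return 1 ;;
    esac
}

# Exit 0 if version $1 is at or above the fix for codename $2.
is_fixed() {
    want=$(fixed_version "$2") || return 2
    dpkg --compare-versions "$1" ge "$want"
}

# Read smb.conf text on stdin and print each section whose "vfs objects"
# line names streams_xattr. A hit in [global] applies to every share.
shares_with_streams_xattr() {
    awk '
        /^[ \t]*[#;]/ { next }    # comment lines
        /^[ \t]*\[.*\]/ { sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        {
            line = tolower($0)    # parameter names are case-insensitive
            if (line ~ /^[ \t]*vfs[ \t]*objects?[ \t]*=/ && line ~ /streams_xattr/)
                print sec
        }'
}

# Constructed sample configuration so the script also runs off-host.
SAMPLE='[global]
   workgroup = EXAMPLE
[projects]
   path = /srv/projects
   vfs objects = catia fruit streams_xattr
[scans]
   path = /srv/scans
   ; vfs objects = streams_xattr
'
printf '%s' "$SAMPLE" | shares_with_streams_xattr

# On a Debian host, pass the release codename: sh check.sh buster
if [ -n "${1:-}" ]; then
    have=$(dpkg-query -W -f='${Version}' samba)
    if is_fixed "$have" "$1"; then echo "samba $have: fixed"
    else echo "samba $have: upgrade needed"; fi
    # testparm prints the configuration as Samba parsed it.
    testparm -s 2>/dev/null | shares_with_streams_xattr
fi
```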