oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication

From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 3 Jun 2025 09:54:38 -0700



-------- Forwarded Message --------
Subject: [Announce] Samba 4.21.6 Available for Download
Date: Tue, 3 Jun 2025 09:11:55 +0200
From: Jule Anger via samba-announce <samba-announce () lists samba org>
Reply-To: Jule Anger <janger () samba org>
To: samba-announce () lists samba org, samba () lists samba org, samba-technical () lists samba org 

Release Announcements
---------------------

This is the latest stable release of the Samba 4.21 release series.
It contains the security-relevant bugfix CVE-2025-0620:

    smbd doesn't pick up group membership changes
    when re-authenticating an expired SMB session
    https://www.samba.org/samba/security/CVE-2025-0620.html


Description of CVE-2025-0620
-----------------------------

    With Kerberos authentication SMB sessions typically have an
    associated lifetime, requiring re-authentication by the
    client when the session expires. As part of the
    re-authentication, Samba receives the current group
    membership information and is expected to reflect this
    change in further SMB request processing.

    For historic reasons, Samba maintains a cache of
    associations between a user's impersonation information and
    connected shares. A recent change in this cache caused Samba
    to not reflect group membership changes from session
    re-authentication when processing further SMB requests.

    As a result, when an administrator removes a user from a
    particular group in Active Directory, this change will not
    become effective unless the user disconnects from the server
    and establishes a new connection.


Changes since 4.21.5
--------------------

o  Douglas Bagnall <douglas.bagnall () catalyst net nz>
   * BUG 15774: Running "gpo manage motd set" twice fails with backtrace.
   * BUG 15829: samba-tool gpo backup creates entity backups it can't read.
   * BUG 15839: gp_cert_auto_enroll_ext.py has problem unpacking GUIDs with
     prepended 0's.

o  Ralph Boehme <slow () samba org>
   * BUG 15707: CVE-2025-0620 [SECURITY] smbd doesn't pick up group membership
     changes when re-authenticating an expired SMB session.
   * BUG 15767: Deadlock between two smbd processes.

o  Pavel Filipenský <pfilipensky () samba org>
   * BUG 15727: net ad join fails with "Failed to join domain: failed to create
     kerberos keytab".

o  Andreas Hasenack <andreas.hasenack () canonical com>
   * BUG 15774: Running "gpo manage motd set" twice fails with backtrace.

o  Volker Lendecke <vl () samba org>
   * BUG 15841: Wide link issue in samba 4.22.

o  Stefan Metzmacher <metze () samba org>
   * BUG 15767: Deadlock between two smbd processes.
   * BUG 15851: dcerpcd not able to bind to listening port.

o  Anoop C S <anoopcs () samba org>
   * BUG 15819: vfs_ceph_snapshots fails to list snapshots for entries at any
     level beyond share root.

o  Martin Schwenke <mschwenke () ddn com>
   * BUG 15858: CTDB does not put nodes running NFS into grace on graceful
     shutdown.


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical:matrix.org matrix room, or
#samba-technical IRC channel on irc.libera.chat.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================



================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID AA99442FB680B620).  The source code can be downloaded
from:

        https://download.samba.org/pub/samba/stable/

The release notes are available online at:

        https://www.samba.org/samba/history/samba-4.21.6.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
Previous By Date Next
Previous By Thread Next

Current thread: