-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 09:40:47 +0300 Source: samba Architecture: source Version: 2:4.17.12+dfsg-0+deb12u4 Distribution: bookworm-security Urgency: medium Maintainer: Debian Samba Maintainers Changed-By: Michael Tokarev Changes: samba (2:4.17.12+dfsg-0+deb12u4) bookworm-security; urgency=medium . * https://bugzilla.samba.org/show_bug.cgi?id=16018 May-2026 samba security update fixing the following issues: CVE-2026-2340: vfs_worm does not block directory modification https://bugzilla.samba.org/show_bug.cgi?id=15997 CVE-2026-3012: group policy certificate enrollment uses http:// without validation https://bugzilla.samba.org/show_bug.cgi?id=16003 CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server https://bugzilla.samba.org/show_bug.cgi?id=16012 CVE-2026-4480: Unauthenticated Remote Code Execution using print command https://bugzilla.samba.org/show_bug.cgi?id=16033 CVE-2026-4408: Remote Code Execution in SAMR when check password script contains %u substitution placeholder https://bugzilla.samba.org/show_bug.cgi?id=16034 Checksums-Sha1: bf0e906218250935ece110a37f6fdd5322134da0 4889 samba_4.17.12+dfsg-0+deb12u4.dsc 8ab75cc801073f539cef3db89441a7fd193fa036 312296 samba_4.17.12+dfsg-0+deb12u4.debian.tar.xz 756eeceae0f7a65f195caf76e03ddd243454d08c 6134 samba_4.17.12+dfsg-0+deb12u4_source.buildinfo Checksums-Sha256: 02107a6ae723b73a2be6fc0a87115837ee8a773fb7486f872b6ad46ca1134b50 4889 samba_4.17.12+dfsg-0+deb12u4.dsc 138f9e9d8c48f6d7513b67567800dd1527b540eb62d9a46ed05b710337b531c6 312296 samba_4.17.12+dfsg-0+deb12u4.debian.tar.xz 523eba4c4cf78b69c435f0dd4fa2ed93de25c5a8986dc5557e87c520ed545350 6134 samba_4.17.12+dfsg-0+deb12u4_source.buildinfo Files: 0deb19f39b6a0f0e5aa3af5ace6cb224 4889 net optional samba_4.17.12+dfsg-0+deb12u4.dsc 43dcf34fc678211dc76dc7012a327b12 312296 net optional samba_4.17.12+dfsg-0+deb12u4.debian.tar.xz 84be761e0f067a51968f64fe89bdd98b 6134 net optional samba_4.17.12+dfsg-0+deb12u4_source.buildinfo -----BEGIN PGP SIGNATURE----- wsG7BAEBCgBvBYJqD/rsCRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmcRCeiLojNuEvUQJeW9tQdJ4E9WF4VuPaQ+9YOAG59b uxYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AADJHxAAvVmtz0uX6PTlZaRqQrD0inhf flAJyHEXkzGohZInViDwDfR6b7byv4J04bbQAyJhXFToO3/0mADetVV4dOG7Y6GQ Bj5CxUIw3J0oE9JHhI2ruKj5sscqKHeHeIF7/KWBAuKZ+AM8uQSqq2DGH2dsZhD5 y97JuG16pChem0vfUuMGtAiwSGGld29bHT+KfLs70lDhJMqeupwSOxPGpKngRKBp U//4fdSV23wpQmRO2yVx2j9GVfkEp4PlDAly29Bfu3ThWuzXttyr9CKTaX4MDo8X gS2VM5+9WAyI2Jhx2WDAxZ1g7T/KroCV4x05aW+sLvZYFFKaEkv/fCRAMe2+gpjt QNzg+27HLaGm4A5Xw0q9eYmt8vp0WWaLAZWW6G/JeTGbUKYfb1Tj06/oEfK/d5yx j3hD7xMGCRnW3ltTaDiBr0W8ZIF9to+b/mtEiXEPdRCUgGX7ukrW8RKaT/i6skgj BlDYUr17QXoQM01TujHVV4aFxKQ7QtSf7nc/hAGbBdMyBFYvZ6wRTnqSNDmfO27Y XCIVJvvKuNS9aczY/VX+9Y6yCqeq8nNJecG7gf+8gF816hvGR/nRPPY4GFxOeCzL d952ABBG0GVBmK0OdTrT6sfYkCMZdSYxS71Tx+4+NtRKVn80Tg/uFAjJJSyqQzO7 1OcuhzwRRfz4H4RuUiM= =QeiM -----END PGP SIGNATURE-----