Alert GCSA-26097 - Aggiornamento di sicurezza per Samba server
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-26097
data: 29 maggio 2026
titolo: Aggiornamento di sicurezza per Samba server
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni del server Samba
(SMB/CIFS file, print, and login server for Unix),
con le quali vengono risolte alcune vulnerabilita',
delle quali due con gravita' "critica" e tre con gravita' "alta".
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Samba file server versioni precedenti alla 4.24.3
Samba file server versioni precedenti alla 4.23.8
Samba file server versioni precedenti alla 4.22.10
:: Impatto
Bypass delle funzionalita' di sicurezza (SFB)
Denial of Service (DoS)
Esecuzione remota di codice arbitrario (RCE)
:: Soluzioni
Applicare le seguenti patch
https://www.samba.org/samba/history/security.html
oppure aggiornare alle ultime versioni
https://www.samba.org/samba/history/samba-4.24.3.html
https://www.samba.org/samba/history/samba-4.23.8.html
https://www.samba.org/samba/history/samba-4.22.10.html
https://www.samba.org/samba/download/
:: Riferimenti
Samba Announcement
https://www.samba.org/samba/security/CVE-2026-4408.html
https://www.samba.org/samba/security/CVE-2026-4480.html
https://www.samba.org/samba/security/CVE-2026-2340.html
https://www.samba.org/samba/security/CVE-2026-3012.html
https://www.samba.org/samba/security/CVE-2026-3238.html
https://www.samba.org/samba/security/CVE-2026-1933.html
Mitre's CVE ID
https://www.cve.org/CVERecord?id=CVE-2026-4408
https://www.cve.org/CVERecord?id=CVE-2026-4480
https://www.cve.org/CVERecord?id=CVE-2026-2340
https://www.cve.org/CVERecord?id=CVE-2026-3012
https://www.cve.org/CVERecord?id=CVE-2026-3238
https://www.cve.org/CVERecord?id=CVE-2026-1933
Debian
https://lists.debian.org/debian-security-announce/2026/msg00208.html
https://security-tracker.debian.org/tracker/DSA-6297-1
Ubuntu
https://ubuntu.com/security/notices/USN-8306-1
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCahlYwgAKCRDBnEyTZRJg
Qr5mAKCwG0uNxLmJDwL6C4EU3FKtGZgUzQCg1tC2Lzv1EObsXoFKyIzfflYZzZg=
=T8NA
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-26097
data: 29 maggio 2026
titolo: Aggiornamento di sicurezza per Samba server
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni del server Samba
(SMB/CIFS file, print, and login server for Unix),
con le quali vengono risolte alcune vulnerabilita',
delle quali due con gravita' "critica" e tre con gravita' "alta".
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Samba file server versioni precedenti alla 4.24.3
Samba file server versioni precedenti alla 4.23.8
Samba file server versioni precedenti alla 4.22.10
:: Impatto
Bypass delle funzionalita' di sicurezza (SFB)
Denial of Service (DoS)
Esecuzione remota di codice arbitrario (RCE)
:: Soluzioni
Applicare le seguenti patch
https://www.samba.org/samba/history/security.html
oppure aggiornare alle ultime versioni
https://www.samba.org/samba/history/samba-4.24.3.html
https://www.samba.org/samba/history/samba-4.23.8.html
https://www.samba.org/samba/history/samba-4.22.10.html
https://www.samba.org/samba/download/
:: Riferimenti
Samba Announcement
https://www.samba.org/samba/security/CVE-2026-4408.html
https://www.samba.org/samba/security/CVE-2026-4480.html
https://www.samba.org/samba/security/CVE-2026-2340.html
https://www.samba.org/samba/security/CVE-2026-3012.html
https://www.samba.org/samba/security/CVE-2026-3238.html
https://www.samba.org/samba/security/CVE-2026-1933.html
Mitre's CVE ID
https://www.cve.org/CVERecord?id=CVE-2026-4408
https://www.cve.org/CVERecord?id=CVE-2026-4480
https://www.cve.org/CVERecord?id=CVE-2026-2340
https://www.cve.org/CVERecord?id=CVE-2026-3012
https://www.cve.org/CVERecord?id=CVE-2026-3238
https://www.cve.org/CVERecord?id=CVE-2026-1933
Debian
https://lists.debian.org/debian-security-announce/2026/msg00208.html
https://security-tracker.debian.org/tracker/DSA-6297-1
Ubuntu
https://ubuntu.com/security/notices/USN-8306-1
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCahlYwgAKCRDBnEyTZRJg
Qr5mAKCwG0uNxLmJDwL6C4EU3FKtGZgUzQCg1tC2Lzv1EObsXoFKyIzfflYZzZg=
=T8NA
-----END PGP SIGNATURE-----