Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-0620

created 4 months, 3 weeks ago

Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

Affected products

rhcos

samba

<4.21.6

samba4

Matching in nixpkgs

pkgs.samba4

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable -
- nixpkgs-unstable 4.22.3

pkgs.sambamba

SAM/BAM processing tool

nixos-unstable -
- nixpkgs-unstable 1.0.1

pkgs.sambaFull

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable -
- nixpkgs-unstable 4.22.3

pkgs.samba4Full

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable -
- nixpkgs-unstable 4.22.3

Package maintainers

@aneeshusa Aneesh Agrawal <aneeshusa@gmail.com>
@jbedo Justin Bedő <cu@cua0.org>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.samba4

pkgs.sambamba

pkgs.sambaFull

pkgs.samba4Full

Package maintainers