Samba 4.21.9 (gzipped)
Signature
Patch (gzipped) against Samba 4.21.8
Signature
==============================
Release Notes for Samba 4.21.9
October 15, 2025
==============================
This is a security release in order to address the following defects:
o CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr.
https://www.samba.org/samba/security/CVE-2025-9640.html
o CVE-2025-10230: Command injection via WINS server hook script.
https://www.samba.org/samba/security/CVE-2025-10230.html
Changes since 4.21.8
--------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15903: CVE-2025-10230.
o Andrew Walker <andrew.walker@truenas.com>
* BUG 15885: CVE-2025-9640.