Samba 4.22.5 (gzipped)
Signature
Patch (gzipped) against Samba 4.22.4
Signature
==============================
Release Notes for Samba 4.22.5
October 15, 2025
==============================
This is a security release in order to address the following defects:
o CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr.
https://www.samba.org/samba/security/CVE-2025-9640.html
o CVE-2025-10230: Command injection via WINS server hook script.
https://www.samba.org/samba/security/CVE-2025-10230.html
Changes since 4.22.4
--------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15903: CVE-2025-10230.
o Andrew Walker <andrew.walker@truenas.com>
* BUG 15885: CVE-2025-9640.