Samba 4.22.2 released


Samba 4.22.2 has been released as the latest stable update in the Samba 4.22 series, featuring a critical security fix for vulnerability CVE-2025-0620. This vulnerability pertains to Samba's failure to recognize changes in group membership during the reauthentication of expired SMB sessions, which can result in delays in updating user permissions. Specifically, when an administrator removes a user from a group in Active Directory, the changes won't take effect until the user disconnects and reconnects to the server.

In addition to addressing CVE-2025-0620, the update resolves several other issues, including:

- Profile synchronization failures due to directory leases.
- Problems with the net ad join command failing due to Kerberos keytab creation errors.
- The dcerpcd daemon's inability to bind to the listening port.
- The vfs_ceph_snapshots module failing to list snapshots beyond the share root.
- The Clustered Trivial Database (CTDB) not correctly handling nodes running NFS during graceful shutdowns.

Users are encouraged to download Samba 4.22.2, which includes these fixes and enhancements. The release can be obtained from the official Samba download page, with accompanying release notes available online.

For discussions regarding this release, users can join the samba-technical mailing list or the #samba-technical channel on IRC. Feedback and bug reports are welcome, but users are advised to provide detailed information to facilitate effective troubleshooting.

Extended Summary:
Samba's ongoing commitment to enhancing security and functionality is evident in this latest release. The fix for CVE-2025-0620 highlights the importance of addressing vulnerabilities that can impact user access and permissions in network environments. The update not only solves this critical issue but also improves overall system reliability by fixing various bugs that have been identified in previous versions. Users are encouraged to stay updated with the latest releases and participate in the community discussions for ongoing improvements and support. Regular updates such as these are crucial for maintaining secure and efficient network file sharing and printing services.


Samba 4.22.2 has been released and is the most recent stable release within the Samba 4.22 series. It includes a security-related bug fix identified as CVE-2025-0620. This update addresses an issue in which Samba fails to recognize changes in group membership during the reauthentication of an expired SMB session. The issue arises from Samba retaining a cache of associations between a user's impersonation details and connected shares. It affects administrators who remove a user from a group in Active Directory: the change does not take effect until the user disconnects from the server and initiates a new connection. The release also addresses additional issues, including profile synchronization failures related to directory leases, failures in net ad join, dcerpcd not binding to the listening port, and CTDB not placing nodes running NFS into grace during a graceful shutdown.
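The stale-cache behaviour described above can be pictured with a small model. This is an added example, not Samba code and not a reproduction of its internal data structures; the class names, the `refresh_on_reauth` switch and the sample user, group and share are hypothetical.

```python
# Simplified model of the behaviour described for CVE-2025-0620.
# Added example with hypothetical names; not Samba source code.

class Directory:
    """Stand-in for Active Directory group membership (constructed data)."""
    def __init__(self):
        self.groups = {}                      # user -> set of group names

    def token_for(self, user):
        # A fresh authentication snapshots the user's current groups.
        return frozenset(self.groups.get(user, set()))


class Session:
    def __init__(self, directory, user, refresh_on_reauth):
        self.directory = directory
        self.user = user
        self.refresh_on_reauth = refresh_on_reauth
        self.token = directory.token_for(user)
        self.share_cache = {}                 # share -> token used to impersonate

    def connect(self, share):
        self.share_cache[share] = self.token

    def reauthenticate(self):
        # The session expired and the client re-authenticates on the same connection.
        self.token = self.directory.token_for(self.user)
        if self.refresh_on_reauth:
            # Corrected behaviour: connected shares pick up the new token.
            for share in self.share_cache:
                self.share_cache[share] = self.token
        # Otherwise the cached per-share association is left stale.

    def can_access(self, share, required_group):
        return required_group in self.share_cache[share]


def run(refresh_on_reauth):
    ad = Directory()
    ad.groups["alice"] = {"finance"}
    old = Session(ad, "alice", refresh_on_reauth)
    old.connect("reports")
    ad.groups["alice"].discard("finance")     # administrator removes the membership
    old.reauthenticate()
    new = Session(ad, "alice", refresh_on_reauth)   # disconnect and reconnect
    new.connect("reports")
    return old.can_access("reports", "finance"), new.can_access("reports", "finance")
```

With `refresh_on_reauth=False` the existing session keeps access after reauthentication while a new connection does not, which matches the symptom the release notes describe.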

Samba 4.22.2 released @ Linux Compatible