Your message dated Fri, 02 Jan 2026 14:34:54 +0000
with message-id <[email protected]>
and subject line Bug#1122381: fixed in smb4k 4.0.0-1+deb13u1
has caused the Debian Bug report #1122381,
regarding smb4k: CVE-2025-66002 CVE-2025-66003
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
1122381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122381
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: smb4k
Version: 4.0.4-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerabilities were published for smb4k.

CVE-2025-66002[0]:
| local users can perform arbitrary unmounts via the smb4k mount
| helper due to lack of input validation.

CVE-2025-66003[1]:
| local users can perform a local root exploit via the smb4k mount
| helper if they can access and control the contents of a Samba
| network share.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-66002
    https://www.cve.org/CVERecord?id=CVE-2025-66002
[1] https://security-tracker.debian.org/tracker/CVE-2025-66003
    https://www.cve.org/CVERecord?id=CVE-2025-66003
[2] https://www.openwall.com/lists/oss-security/2025/12/10/6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: smb4k
Source-Version: 4.0.0-1+deb13u1
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
smb4k, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated smb4k package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 27 Dec 2025 10:40:36 +0100
Source: smb4k
Architecture: source
Version: 4.0.0-1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian KDE Extras Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1122381
Changes:
 smb4k (4.0.0-1+deb13u1) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix two security issues in the KAuth mounthelper:
     - CVE-2025-66002: local users can perform arbitrary unmounts via
       smb4kmounthelper due to lack of input validation
     - CVE-2025-66003: local users can perform a local root exploit via smb4k
       mounthelper if they can access and control the contents of a Samba share
     (Closes: #1122381)
   * Merge Smb4KHardwareInterface class from master so that the merged security
     fixes can be compiled
--- End Message ---