Ralph Boehme

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 4.21.6 **Description** The issue concerns a problem with SMB session re-authentication when using Kerberos authentication with SMB. Specifically, smbd does not pick up group membership changes when re-authenticating an expired SMB session. This means that changes in group membership are not reflected after a session re-authentication, potentially leading to unauthorized access or other security issues. **Recommendations** For versions prior to 4.21.6, update to version 4.21.6 to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources that rely on accurate group membership until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A path disclosure issue was found in Samba, related to the Spotlight protocol. This issue causes Samba to disclose the server-side absolute path of shares, files, and directories in search query results. A malicious client or an attacker with a targeted RPC request can exploit this flaw to view the disclosed path information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.