[SECURITY] [DSA 6092-1] smb4k security update

---

---

• To: debian-security-announce@lists.debian.org
• Subject: [SECURITY] [DSA 6092-1] smb4k security update
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Thu, 01 Jan 2026 22:26:13 +0000
• Message-id: <[🔎] E1vbR7V-00CDkn-2L@seger.debian.org>
• Reply-to: debian-security-announce-request@lists.debian.org

---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6092-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 01, 2026                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : smb4k
CVE ID         : CVE-2025-66002 CVE-2025-66003
Debian Bug     : 1122381

Two vulnerabilities were discovered in smb4k, a KDE desktop utility
which allows unprivileged mounting of Samba/CIFS network shares, which
may result in local denial of service or local privilege escalation.

For the stable distribution (trixie), these problems have been fixed in
version 4.0.0-1+deb13u1.

We recommend that you upgrade your smb4k packages.

For the detailed security status of smb4k please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/smb4k

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmlW9EpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T1jw/+ImQXgIzE8dTKQAgoj1XvoNfHYFzoNNVygu5fzsXZxcx0bw7sam9zz/jq
7pkLxaQi3gM3fSVnWRyl03laRbjcRBlCqmGV80oQ23NXJRmw8eEr9Dgz763Uh85h
cPK4LuIFMu1MVgH10y371j8P6j+C+rBQbw+6r5blQndCfDVo4rHLHsm59ExkUyac
2nEBRV3q2bQWEEKxPU6OKnc2XsIhSRmqVVymnXcZRt9eEH1j0Vfp+WynT3giqnJH
ZQnc+6D+/TvP8f6HMZFHGJQ5bt0Sm+cvC14+jDueZZQU7z92ia0YqISlBF7sNXiA
fEzMqiSj5mlTdfdticj5lpzm8RHHLP+Hr/ZeehDHbEyosMvTQ6GzPImrxi/zJGeJ
0JvshbQ58J0DCA79MIa9Xyx34yrdiHCr8LpUnsTp6Nia++YGDQJJ61K9XmWsVH+e
BwLywvWacgYPuYwV4YwZ7Sa3WlqVeEcE77UIhCG7SG9Z/Y6Enq4FEMLmTsYemMVy
OiyYDaYXi4GmmdE5lOfSB1lJyPPYWIluOF212koHFOqjjw7sSWheqwsMEBPnJMnN
fxV9AZSgiTFPaLGaNHi2JImg0kq0aflDIPrixxRcfntqyehqnVA929UIAH+YHnKc
iywLBSvP/B8i9aX3JwoREY4BGGjVQDrwurZ/4jI4H8qd8oyv8gg=
=vVBe
-----END PGP SIGNATURE-----

---

Reply to:

• debian-security-announce@lists.debian.org
• Salvatore Bonaccorso (on-list)
• Salvatore Bonaccorso (off-list)

---

• Next by Date: [SECURITY] [DSA 6093-1] gimp security update
• Next by thread: [SECURITY] [DSA 6093-1] gimp security update
• Index(es):
  • Date
  • Thread