Ubuntu Security Notice 6425-1 - Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to truncate read-only files. Andrew Bartlett discovered that Samba incorrectly handled the DirSync control. A remote attacker with an RODC DC account could possibly use this issue to obtain all domain secrets.
f397259561acfee51e63bb0dfdc0aef2cf6928b2353b00aa36765953ff3a4818