Package "cifs-utils"
Links
Download "cifs-utils"
Other versions of "cifs-utils" in Focal
Changelog
cifs-utils (2:6.9-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: command injection via shell
- debian/patches/CVE-2020-14342.patch: fix injection in mount.cifs.c.
- CVE-2020-14342
* SECURITY UPDATE: krb5 credential use from host
- debian/patches/CVE-2021-20208-1.patch: try to use container
namespaces in cifs.upcall.c.
- debian/patches/CVE-2021-20208-2.patch: fix regression in kerberos
mount in cifs.upcall.c.
- CVE-2021-20208
* SECURITY UPDATE: buffer overflow in ip= command-line argument
- debian/patches/CVE-2022-27239.patch: fix length check for ip option
parsing in mount.cifs.c.
- CVE-2022-27239
* SECURITY UPDATE: information leak via verbose logging
- debian/patches/CVE-2022-29869.patch: fix verbose messages on option
parsing in mount.cifs.c.
- CVE-2022-29869
-- Marc Deslauriers <email address hidden> Wed, 01 Jun 2022 12:12:44 -0400
|
Source diff to previous version |
CVE-2020-14342 |
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. A |
CVE-2021-20208 |
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credent |
CVE-2022-27239 |
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining |
CVE-2022-29869 |
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid creden |
|
cifs-utils (2:6.9-1ubuntu0.1) focal; urgency=medium
* Add 'keys' command to smbinfo (LP: #1886551):
- d/p/0002-smbinfo-Improve-help-usage-and-add-h-option.patch
- d/p/0003-smbinfo-add-GETCOMPRESSION-support.patch
- d/p/0004-smbinfo-print-the-security-information-needed-to-dec.patch
- d/p/0005-smbinfo-Add-SETCOMPRESSION-support.patch
- d/p/0006-smbinfo.rst-document-new-keys-command.patch
-- Ioanna Alifieraki <email address hidden> Mon, 14 Sep 2020 12:55:41 +0100
|
|
About
-
Send Feedback to @ubuntu_updates