UbuntuUpdates.org

Package "cifs-utils"

Name: cifs-utils

Description:

Common Internet File System utilities

Latest version: 2:6.14-1ubuntu0.6
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.samba.org/~jlayton/cifs-utils/

Links


Download "cifs-utils"


Other versions of "cifs-utils" in Jammy

Repository Area Version
base main 2:6.14-1build1
updates main 2:6.14-1ubuntu0.6

Changelog

Version: 2:6.14-1ubuntu0.6 2026-07-13 14:10:33 UTC

  cifs-utils (2:6.14-1ubuntu0.6) jammy-security; urgency=medium

  * SECURITY UPDATE: insecure user information lookup
    - debian/patches/CVE-2026-12505.patch: cifs.upcall: remove getpwuid()
      dependency in cifs.upcall.c.
    - debian/patches/CVE-2026-12505-2.patch: cifs.upcall: fix compiler warning
      with -Wvla in cifs.upcall.c.
    - debian/patches/CVE-2026-12505-3.patch: cifs.upcall: fix regression with
      krb5 + creduid in cifs.upcall.c.
    - CVE-2026-12505

 -- Marc Deslauriers <email address hidden> Fri, 10 Jul 2026 13:59:44 -0400

Source diff to previous version
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

Version: 2:6.14-1ubuntu0.5 2026-07-03 20:07:23 UTC

  cifs-utils (2:6.14-1ubuntu0.5) jammy-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:55:58 -0400

Source diff to previous version
2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

Version: 2:6.14-1ubuntu0.4 2026-07-02 16:07:31 UTC

  cifs-utils (2:6.14-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: insecure user information lookup
    - debian/patches/CVE-2026-12505.patch: cifs.upcall: remove getpwuid()
      dependency in cifs.upcall.c.
    - CVE-2026-12505

 -- Marc Deslauriers <email address hidden> Tue, 30 Jun 2026 16:23:06 -0400

Source diff to previous version
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

Version: 2:6.14-1ubuntu0.3 2025-06-16 14:07:03 UTC

  cifs-utils (2:6.14-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY REGRESSION: Fix memory leak in check_service_ticket_exists()
    if a valid Kerberos service ticket is not available.
    (LP: #2113906)
    - d/p/lp2113906-cifs.upcall-fix-memory-leaks-in-check_service_ticket.patch
  * SECURITY REGRESSION: Correctly search the calling applications
    environment for KRB5CCNAME if running kernel is not patched for
    CVE-2025-2312, fixing mounts for AD users. (LP: #2112614)
    - d/p/CVE-2025-2312-3.patch: cifs.upcall: correctly treat
      UPTARGET_UNSPECIFIED as UPTARGET_APP.

 -- Matthew Ruffell <email address hidden> Wed, 11 Jun 2025 16:18:36 +1200

Source diff to previous version
2113906 Regression: After LP2099917 cifs.upcall leaks memory on error message if service ticket doesn't exist
2112614 Regression: After CVE-2025-2312 cifs.upcall can't find credential caches from user env
CVE-2025-2312 A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to th

Version: 2:6.14-1ubuntu0.2 2025-05-27 19:07:06 UTC

  cifs-utils (2:6.14-1ubuntu0.2) jammy-security; urgency=medium

  * Skip checking the Kerberos TGT if a valid service ticket
    is available. (LP: #2099917)
    - d/p/lp2099917-cifs-utils-Skip-TGT-check-if-valid-service.patch
  * SECURITY UPDATE: namespace confusion may lead to disclosing
    sensitive data from host Kerberos credentials cache. (LP: #2099914)
    - d/p/CVE-2025-2312-1.patch: CIFS.upcall to accomodate new
      namespace mount opt.
    - d/p/CVE-2025-2312-2.patch: cifs-utils: add documentation
      for upcall_target.
    - CVE-2025-2312

 -- Matthew Ruffell <email address hidden> Wed, 02 Apr 2025 16:56:51 +1300

2099917 cifs.upcall: If kerberos credential cache already contains a valid service ticket, use that even if TGT is expired
CVE-2025-2312 A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to th



About   -   Send Feedback to @ubuntu_updates