UbuntuUpdates.org

Package "cifs-utils"

Name: cifs-utils

Description:

Common Internet File System utilities
Latest version: 2:7.0-2.1ubuntu0.2
Release: oracular (24.10)
Level: updates
Repository: main
Homepage: https://www.samba.org/~jlayton/cifs-utils/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "cifs-utils"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "cifs-utils" in Oracular

Repository Area Version
base main 2:7.0-2.1
security main 2:7.0-2.1ubuntu0.2

Changelog

Version: 2:7.0-2.1ubuntu0.2 2025-06-16 18:07:37 UTC

  cifs-utils (2:7.0-2.1ubuntu0.2) oracular-security; urgency=medium

  * SECURITY REGRESSION: Fix memory leak in check_service_ticket_exists()
    if a valid Kerberos service ticket is not available.
    (LP: #2113906)
    - d/p/lp2113906-cifs.upcall-fix-memory-leaks-in-check_service_ticket.patch
  * SECURITY REGRESSION: Correctly search the calling applications
    environment for KRB5CCNAME if running kernel is not patched for
    CVE-2025-2312, fixing mounts for AD users. (LP: #2112614)
    - d/p/CVE-2025-2312-3.patch: cifs.upcall: correctly treat
      UPTARGET_UNSPECIFIED as UPTARGET_APP.

 -- Matthew Ruffell <email address hidden> Wed, 11 Jun 2025 16:59:07 +1200
Source diff to previous version
2113906 Regression: After LP2099917 cifs.upcall leaks memory on error message if service ticket doesn't exist
2112614 Regression: After CVE-2025-2312 cifs.upcall can't find credential caches from user env
CVE-2025-2312 A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to th

Version: 2:7.0-2.1ubuntu0.1 2025-05-27 21:07:29 UTC

  cifs-utils (2:7.0-2.1ubuntu0.1) oracular-security; urgency=medium

  * Skip checking the Kerberos TGT if a valid service ticket
    is available. (LP: #2099917)
    - d/p/lp2099917-cifs-utils-Skip-TGT-check-if-valid-service.patch
  * SECURITY UPDATE: namespace confusion may lead to disclosing
    sensitive data from host Kerberos credentials cache. (LP: #2099914)
    - d/p/CVE-2025-2312-1.patch: CIFS.upcall to accomodate new
      namespace mount opt.
    - d/p/CVE-2025-2312-2.patch: cifs-utils: add documentation
      for upcall_target.
    - CVE-2025-2312

 -- Matthew Ruffell <email address hidden> Wed, 02 Apr 2025 15:48:31 +1300
2099917 cifs.upcall: If kerberos credential cache already contains a valid service ticket, use that even if TGT is expired
CVE-2025-2312 A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to th


About   -   Send Feedback to @ubuntu_updates