UbuntuUpdates.org

Package "cifs-utils"

Name: cifs-utils

Description:

Common Internet File System utilities
Latest version: 2:6.8-1ubuntu1.2
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://www.samba.org/~jlayton/cifs-utils/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "cifs-utils"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "cifs-utils" in Bionic

Repository Area Version
base main 2:6.8-1
security main 2:6.8-1ubuntu1.2

Changelog

Version: 2:6.8-1ubuntu1.2 2022-06-02 19:06:17 UTC

  cifs-utils (2:6.8-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: command injection via shell
    - debian/patches/CVE-2020-14342.patch: fix injection in mount.cifs.c.
    - CVE-2020-14342
  * SECURITY UPDATE: krb5 credential use from host
    - debian/patches/CVE-2021-20208-1.patch: try to use container
      namespaces in cifs.upcall.c.
    - debian/patches/CVE-2021-20208-2.patch: fix regression in kerberos
      mount in cifs.upcall.c.
    - CVE-2021-20208
  * SECURITY UPDATE: buffer overflow in ip= command-line argument
    - debian/patches/CVE-2022-27239.patch: fix length check for ip option
      parsing in mount.cifs.c.
    - CVE-2022-27239
  * SECURITY UPDATE: information leak via verbose logging
    - debian/patches/CVE-2022-29869.patch: fix verbose messages on option
      parsing in mount.cifs.c.
    - CVE-2022-29869

 -- Marc Deslauriers <email address hidden> Wed, 01 Jun 2022 12:19:46 -0400
Source diff to previous version
CVE-2020-14342 It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. A
CVE-2021-20208 A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credent
CVE-2022-27239 In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining
CVE-2022-29869 cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid creden

Version: 2:6.8-1ubuntu1.1 2020-09-28 15:06:57 UTC

  cifs-utils (2:6.8-1ubuntu1.1) bionic; urgency=medium

  * Add smbinfo utility and 'keys' command (LP: #1886551) :
    - d/p/0001-smbinfo-add-a-utility-to-display-smb-specific-inform.patch
    - d/p/0002-smbinfo.rst-document-kernel-version.patch
    - d/p/0003-smbinfo-Add-more-File-Information-classes.patch
    - d/p/0004-smbinfo-update-help-text.patch
    - d/p/0005-smbinfo-Update-the-usage-text-with-the-new-infolevel.patch
    - d/p/0006-smbinfo-add-FileFsFullSizeInformation.patch
    - d/p/0007-smbinfo-decode-the-ACEs.patch
    - d/p/0008-smbinfo-fix-code-style.patch
    - d/p/0009-smbinfo-add-fsctl-getobjid-support.patch
    - d/p/0010-smbinfo-missing-help-for-fsctl-getobjid.patch
    - d/p/0011-smbinfo-Add-ability-to-query-snapshots-previous-vers.patch
    - d/p/0012-smbinfo-make-argument-order-consistent.patch
    - d/p/0013-smbinfo-use-constant-for-input-buffer-length.patch
    - d/p/0014-smbinfo-Improve-help-usage-and-add-h-option.patch
    - d/p/0015-smbinfo-add-GETCOMPRESSION-support.patch
    - d/p/0016-smbinfo-print-the-security-information-needed-to-dec.patch
    - d/p/0017-smbinfo-Add-SETCOMPRESSION-support.patch
    - d/p/0018-smbinfo.rst-document-new-keys-command.patch

 -- Ioanna Alifieraki <email address hidden> Thu, 10 Sep 2020 02:31:09 +0100
Source diff to previous version
1886551 wireshark trace decryption

Version: 2:6.8-1ubuntu1 2020-07-17 00:07:00 UTC

  cifs-utils (2:6.8-1ubuntu1) bionic; urgency=medium

  * d/p/setcifsacl-fix-adding-ACE-when-owner-sid-in-unexpect.patch:
    Fix adding ACE when owner sid in unexpected location (LP: #1886548)

 -- Eric Desrochers <email address hidden> Wed, 08 Jul 2020 17:44:31 +0000
1886548 setcifsacl: fix adding ACE when owner sid in unexpected location


About   -   Send Feedback to @ubuntu_updates