UbuntuUpdates.org

Package "cifs-utils"

Name: cifs-utils

Description:

Common Internet File System utilities

Latest version: 2:6.14-1ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.samba.org/~jlayton/cifs-utils/

Links


Download "cifs-utils"


Other versions of "cifs-utils" in Jammy

Repository Area Version
base main 2:6.14-1build1
updates main 2:6.14-1ubuntu0.1

Changelog

Version: 2:6.14-1ubuntu0.1 2022-06-02 18:06:21 UTC

  cifs-utils (2:6.14-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in ip= command-line argument
    - debian/patches/CVE-2022-27239.patch: fix length check for ip option
      parsing in mount.cifs.c.
    - CVE-2022-27239
  * SECURITY UPDATE: information leak via verbose logging
    - debian/patches/CVE-2022-29869.patch: fix verbose messages on option
      parsing in mount.cifs.c.
    - CVE-2022-29869

 -- Marc Deslauriers <email address hidden> Wed, 01 Jun 2022 12:08:56 -0400

CVE-2022-27239 In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining
CVE-2022-29869 cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid creden



About   -   Send Feedback to @ubuntu_updates