rpms/cifs-utils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

cifs-utils 6.15

Browse Source 
Fixes: rhbz#2080525

- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239:

In cifs-utils through 6.14, a stack-based buffer overflow when parsing
the mount.cifs ip= command-line argument could lead to local attackers
gaining root privileges.

CVE-2022-29869:

cifs-utils through 6.14, with verbose logging, can cause an
information leak when a file contains = (equal sign) characters but is
not a valid credentials file.

Both issues were originally reported and fixed by Jeffrey Bencteux.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Alexander Bokovoy 2022-04-30 20:43:32 +03:00
parent 0659a3c2c5
commit 80c65e7eb4
3 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -27,3 +27,4 @@ cifs-utils-4.6.tar.bz2
/cifs-utils-6.11.tar.bz2
/cifs-utils-6.13.tar.bz2
/cifs-utils-6.14.tar.bz2
/cifs-utils-6.15.tar.bz2

9
cifs-utils.spec
View File

@ -2,7 +2,7 @@
%define pre_release %nil
Name: cifs-utils
Version: 6.14
Version: 6.15
Release: 1%{pre_release}%{?dist}
Summary: Utilities for mounting and managing CIFS mounts
@ -124,6 +124,13 @@ about CIFS mount.
%{_mandir}/man1/smbinfo.*
%changelog
* Sat Apr 30 2022 Alexander Bokovoy <abokovoy@redhat.com> - 6.15-1
- Upstream release 6.15
- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
- Fixes: rhbz#2080525
* Wed Feb 02 2022 Alexander Bokovoy <abokovoy@redhat.com> - 6.14-1
- Upstream release 6.14

2
sources
View File

@ -1 +1 @@
SHA512 (cifs-utils-6.14.tar.bz2) = dd875e110988f84ac766900426e1a75c043607de1f24b87e95cd942f2f58561e1133d16466f02863643c8395fc0160df4050636d1ce0db005f2e52a592c7f0ab
SHA512 (cifs-utils-6.15.tar.bz2) = eedb8066563db584595a8ba7cb7a603e6b763ac2c1261430d605c327fcc5a831acd48b58ea55dd243af778dfdc827ab8c6daf4015764ff550dcffc2182773510