cifs-utils/sources at 460d4b9baf7a37faa5bd080a5ed5ed60c4d9a928 - cifs-utils - AlmaLinux OS Foundation Git Server

rpms/cifs-utils

Alexander Bokovoy 80c65e7eb4 cifs-utils 6.15

Fixes: rhbz#2080525

- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239:

In cifs-utils through 6.14, a stack-based buffer overflow when parsing
the mount.cifs ip= command-line argument could lead to local attackers
gaining root privileges.

CVE-2022-29869:

cifs-utils through 6.14, with verbose logging, can cause an
information leak when a file contains = (equal sign) characters but is
not a valid credentials file.

Both issues were originally reported and fixed by Jeffrey Bencteux.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

2022-04-30 20:43:32 +03:00

2 lines

164 B

Plaintext

Raw Blame History

SHA512 (cifs-utils-6.15.tar.bz2) = eedb8066563db584595a8ba7cb7a603e6b763ac2c1261430d605c327fcc5a831acd48b58ea55dd243af778dfdc827ab8c6daf4015764ff550dcffc2182773510