Univention Bugzilla – Bug 54818
cifs-utils: Multiple issues (5.0)
Last modified: 2022-06-08 16:50:33 CEST
New Debian cifs-utils 2:6.8-2+deb10u1 fixes:

This update addresses the following issues:
* stack-based buffer overflow in mount.cifs may lead to local privilege escalation to root (CVE-2022-27239)
* crafted input may cause an information leak (CVE-2022-29869)
--- mirror/ftp/pool/main/c/cifs-utils/cifs-utils_6.8-2.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/cifs-utils_6.8-2+deb10u1.dsc @@ -1,3 +1,11 @@ +2:6.8-2+deb10u1 [Tue, 10 May 2022 22:26:50 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * mount.cifs: fix length check for ip option parsing (CVE-2022-27239) + (Closes: #1010818) + * mount.cifs: fix verbose messages on option parsing (CVE-2022-29869) + (Closes: #1010818) + 2:6.8-2 [Sun, 17 Jun 2018 21:58:28 +0200] Mathieu Parent <sathieu@debian.org>: * Drop Depends: samba-common (Closes: #901654) <http://piuparts.knut.univention.de/5.0-1/#7183941209076051605>
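Review bot: the two entries added in the 2:6.8-2+deb10u1 changelog stanza name the CVEs and the Debian bug (both close #1010818) but not the patch files or upstream commits that carry the fixes, so the "length check for ip option parsing" change cannot be verified from this changelog diff alone. Consider recording the patch name next to each entry, and checking that the errata text for CVE-2022-29869 (described above as an information leak) lines up with the changelog wording "fix verbose messages on option parsing", so that readers can match the advisory to the change.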
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x325>