* [ANNOUNCE] cifs-utils release 6.15 ready for download
@ 2022-04-29 22:03 Pavel Shilovsky
From: Pavel Shilovsky @ 2022-04-29 22:03 UTC
  To: linux-cifs, samba-technical, samba, Jeffrey Bencteux,
	David Disseldorp, Steve French

New version 6.15 of cifs-utils has been released today. This is a
security release to address the following bugs:

- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239:

In cifs-utils through 6.14, a stack-based buffer overflow when parsing
the mount.cifs ip= command-line argument could lead to local attackers
gaining root privileges.

CVE-2022-29869:

cifs-utils through 6.14, with verbose logging, can cause an
information leak when a file contains = (equal sign) characters but is
not a valid credentials file.

Both issues were originally reported and fixed by Jeffrey Bencteux.

Links

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: https://download.samba.org/pub/linux-cifs/cifs-utils/
git: git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Thanks to everyone who contributed to the release!

Best regards,
Pavel Shilovsky
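
An illustration of the bug class named for CVE-2022-27239, added here and not taken from cifs-utils or from the announcement's author: copying an `ip=` option value into a fixed-size buffer only after a length check that reserves room for the terminating NUL. The function name `extract_ip_option`, the buffer size `ADDR_BUF_LEN` and the sample option string are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity for a textual address; not the cifs-utils constant. */
#define ADDR_BUF_LEN 64

/*
 * Find "ip=<value>" in a comma-separated option string and copy the value
 * into out (capacity out_len). Returns 0 on success, -1 if the option is
 * absent or empty, -2 if the value would not fit with its terminating NUL.
 */
int extract_ip_option(const char *opts, char *out, size_t out_len)
{
    const char *p = opts;

    if (!opts || !out || out_len == 0)
        return -1;
    out[0] = '\0';

    while (*p) {
        const char *end = strchr(p, ',');
        size_t tok_len = end ? (size_t)(end - p) : strlen(p);

        if (tok_len >= 3 && strncmp(p, "ip=", 3) == 0) {
            size_t val_len = tok_len - 3;

            if (val_len == 0)
                return -1;
            /* Strictly less than the capacity: one byte is for the NUL. */
            if (val_len >= out_len)
                return -2;
            memcpy(out, p + 3, val_len);
            out[val_len] = '\0';
            return 0;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return -1;
}

int main(void)
{
    char addr[ADDR_BUF_LEN];
    /* Constructed sample option string. */
    int rc = extract_ip_option("user=alice,ip=192.0.2.10,vers=3.0", addr, sizeof(addr));

    printf("rc=%d addr=%s\n", rc, addr);
    return rc == 0 ? 0 : 1;
}
```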
