* [Buildroot] [git commit] package/cifs-utils: security bump to version 6.13
@ 2021-05-07 19:56 Yann E. MORIN
0 siblings, 0 replies; only message in thread
From: Yann E. MORIN @ 2021-05-07 19:56 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=0b332bb15cd83e0d9d19abb66c8a349024472706
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fix CVE-2021-20208: A flaw was found in cifs-utils in versions before
6.13. A user when mounting a krb5 CIFS file system from within a
container can use Kerberos credentials of the host. The highest threat
from this vulnerability is to data confidentiality and integrity.
https://lists.samba.org/archive/samba-technical/2021-April/136467.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
package/cifs-utils/cifs-utils.hash | 2 +-
package/cifs-utils/cifs-utils.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/cifs-utils/cifs-utils.hash b/package/cifs-utils/cifs-utils.hash
index cd7a9bba62..566a5c4bf4 100644
--- a/package/cifs-utils/cifs-utils.hash
+++ b/package/cifs-utils/cifs-utils.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-sha256 922ddcc3059922e80789312c386b9c569991b4350d3ae3099de3e4b82f3885ef cifs-utils-6.12.tar.bz2
+sha256 43d8786c8613caccfa84913081c1d62bc2409575854cf895b05b48af0863d056 cifs-utils-6.13.tar.bz2
# Hash for license file:
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
diff --git a/package/cifs-utils/cifs-utils.mk b/package/cifs-utils/cifs-utils.mk
index 473e8a2c28..b29557cbe8 100644
--- a/package/cifs-utils/cifs-utils.mk
+++ b/package/cifs-utils/cifs-utils.mk
@@ -4,7 +4,7 @@
#
################################################################################
-CIFS_UTILS_VERSION = 6.12
+CIFS_UTILS_VERSION = 6.13
CIFS_UTILS_SOURCE = cifs-utils-$(CIFS_UTILS_VERSION).tar.bz2
CIFS_UTILS_SITE = http://ftp.samba.org/pub/linux-cifs/cifs-utils
CIFS_UTILS_LICENSE = GPL-3.0+
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-07 19:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-07 19:56 [Buildroot] [git commit] package/cifs-utils: security bump to version 6.13 Yann E. MORIN
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.