Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Debian 9 Stretch DLA-3009-1 Critical: cifs-utils Buffer Overflow

debian lts
Calendar Grey May 16, 2022
Dist Debian Esm H88
Debian LTS Announcement DLA-3009-2 concerns vulnerabilities in cifs-utils, highlighting a critical buffer overflow and an information disclosure flaw that need remediation.
A couple of vulnerabilities were found in src:cifs-utils, a Common Internet File System utilities, and are as follows: CVE-2022-27239
Topics%20covered

Topics Covered

security advisory information leak buffer overflow debian local attack cifs-utils

Summary

CVE-2022-27239

In cifs-utils, a stack-based buffer overflow when parsing the
mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-29869

cifs-utils, with verbose logging, can cause an information leak
when a file contains = (equal sign) characters but is not a valid
credentials file.

For Debian 9 stretch, these problems have been fixed in version
2:6.7-1+deb9u1.

We recommend that you upgrade your cifs-utils packages.

For the detailed security status of cifs-utils please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/cifs-utils

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: cifs-utils
Version: 2:6.7-1+deb9u1
CVE ID: CVE-2022-27239 CVE-2022-29869
Debian Bug: 1010818

Topics%20covered

Topics Covered

security advisory information leak buffer overflow debian local attack cifs-utils

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here