--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2022-eb2d3ca94d
2022-05-07 04:08:14.319085
--------------------------------------------------------------------------------Name        : cifs-utils
Product     : Fedora 36
Version     : 6.15
Release     : 1.fc36
URL         : https://linux-cifs.samba.org/cifs-utils/
Summary     : Utilities for mounting and managing CIFS mounts
Description :
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
on Microsoft Windows machines. This package contains tools for mounting
shares on Linux using the SMB/CIFS protocol. The tools in this package
work in conjunction with support in the kernel to allow one to mount a
SMB/CIFS share onto a client and use it as if it were a standard Linux
file system.

--------------------------------------------------------------------------------Update Information:

This is a security release to address the following bugs:  - CVE-2022-27239:
mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs:
fix verbose messages on option parsing  Description  CVE-2022-27239:  In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs
ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2022-29869:  cifs-utils through 6.14, with verbose logging, can cause an
information leak when a file contains = (equal sign) characters but is not a
valid credentials file.  Both issues were originally reported and fixed by
Jeffrey Bencteux.
--------------------------------------------------------------------------------ChangeLog:

* Sat Apr 30 2022 Alexander Bokovoy  - 6.15-1
- Upstream release 6.15
- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
- Fixes: rhbz#2080525
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #2080525 - cifs-utils-6.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2080525
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-eb2d3ca94d' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 36: cifs-utils 2022-eb2d3ca94d

May 7, 2022

This is a security release to address the following bugs: - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on...

Summary

The SMB/CIFS protocol is a standard file sharing protocol widely deployed

on Microsoft Windows machines. This package contains tools for mounting

shares on Linux using the SMB/CIFS protocol. The tools in this package

work in conjunction with support in the kernel to allow one to mount a

SMB/CIFS share onto a client and use it as if it were a standard Linux

file system.

This is a security release to address the following bugs: - CVE-2022-27239:

mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs:

fix verbose messages on option parsing Description CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs

ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an

information leak when a file contains = (equal sign) characters but is not a

valid credentials file. Both issues were originally reported and fixed by

Jeffrey Bencteux.

* Sat Apr 30 2022 Alexander Bokovoy - 6.15-1

- Upstream release 6.15

- CVE-2022-27239: mount.cifs: fix length check for ip option parsing

- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

- Fixes: rhbz#2080525

[ 1 ] Bug #2080525 - cifs-utils-6.15 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2080525

su -c 'dnf upgrade --advisory FEDORA-2022-eb2d3ca94d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

FEDORA-2022-eb2d3ca94d 2022-05-07 04:08:14.319085 Product : Fedora 36 Version : 6.15 Release : 1.fc36 URL : https://linux-cifs.samba.org/cifs-utils/ Summary : Utilities for mounting and managing CIFS mounts Description : The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. This package contains tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a SMB/CIFS share onto a client and use it as if it were a standard Linux file system. This is a security release to address the following bugs: - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing Description CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Both issues were originally reported and fixed by Jeffrey Bencteux. * Sat Apr 30 2022 Alexander Bokovoy - 6.15-1 - Upstream release 6.15 - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing - Fixes: rhbz#2080525 [ 1 ] Bug #2080525 - cifs-utils-6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080525 su -c 'dnf upgrade --advisory FEDORA-2022-eb2d3ca94d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity

Product : Fedora 36

Version : 6.15

Release : 1.fc36

URL : https://linux-cifs.samba.org/cifs-utils/

Summary : Utilities for mounting and managing CIFS mounts

What Are You Looking For?

Fedora 36: cifs-utils 2022-eb2d3ca94d

Summary

Change Log

References

Update Instructions

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!

Unlocking the Future of Authentication: Passkeys vs. Passwords

Empowering MSPs with Straightforward Linux Device Management

A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

What Are You Looking For?

Fedora 36: cifs-utils 2022-eb2d3ca94d

Summary

Change Log

References

Update Instructions

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By