Mageia 2021-0277: cifs-utils security update
Summary
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a
krb5 CIFS file system from within a container can use Kerberos credentials of
the host. The highest threat from this vulnerability is to data confidentiality
and integrity (CVE-2021-20208).
References
- https://bugs.mageia.org/show_bug.cgi?id=29056
- https://bugzilla.samba.org/show_bug.cgi?id=14651
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65NUX6IGI72XJIWLCF5QOKIKAWWJUMEY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20208
Resolution
MGASA-2021-0277 - Updated cifs-utils packages fix a security vulnerability
SRPMS
- 8/core/cifs-utils-6.11-2.1.mga8
- 7/core/cifs-utils-6.9-6.2.mga7