Pavel Shilovsky
2022-Apr-29 22:03 UTC
[Samba] [ANNOUNCE] cifs-utils release 6.15 ready for download
New version 6.15 of cifs-utils has been released today.

This is a security release to address the following bugs:

- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing

Description

CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

Both issues were originally reported and fixed by Jeffrey Bencteux.

Links

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: https://download.samba.org/pub/linux-cifs/cifs-utils/
git: git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Thanks to everyone who contributed to the release!

Best regards,
Pavel Shilovsky