[Pkg-samba-maint] Bug#989080: cifs-utils: Fix for CVE-2021-20208 breaks cifs.upcall
Finn Martin Krein
finnkrein at physik.fu-berlin.de
Tue May 25 15:02:14 BST 2021
Package: cifs-utils
Version: 2:6.11-3
Severity: important
Tags: upstream
X-Debbugs-Cc: finnkrein at physik.fu-berlin.de
Dear Maintainer,
when using cifs-utils to mount a samba share using a krb5 ticket cifs.upcall fails:
$ mount -t cifs --verbose -o seal,idsfromsid,cifsacl,rw,sec=krb5i,user=finnkrein,cruid=finnkrein //storage.physik.fu-berlin.de/finnkrein /net/test
mount error(126): Required key not available
>From journalctl -e:
cifs.upcall[34940]: switch_to_process_ns: setns() failed for cgroup
cifs.upcall[34940]: unable to switch to process namespace: Operation not>
cifs.upcall[34940]: Exit status 1
This bug was likely introduced by the fix for CVE-2021-20208 (#987308), is known upstream and discussed at https://www.spinics.net/lists/linux-cifs/msg21550.html.
The respective patch is currently included as "0010-CVE-2021-20208.patch".
-- System Information:
Debian Release: 11.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cifs-utils depends on:
ii libc6 2.31-12
ii libcap-ng0 0.7.9-2.2+b1
ii libkeyutils1 1.6.1-2
ii libkrb5-3 1.18.3-5
ii libpam0g 1.4.0-7
ii libtalloc2 2.3.1-2+b1
ii libwbclient0 2:4.13.5+dfsg-2
ii python3 3.9.2-3
Versions of packages cifs-utils recommends:
ii keyutils 1.6.1-2
Versions of packages cifs-utils suggests:
ii bash-completion 1:2.11-2
ii smbclient 2:4.13.5+dfsg-2
pn winbind <none>
-- no debconf information
More information about the Pkg-samba-maint
mailing list