[Pkg-samba-maint] Bug#1010818: cifs-utils: CVE-2022-27239 CVE-2022-29869

Salvatore Bonaccorso carnil at debian.org
Tue May 10 20:29:52 BST 2022


Source: cifs-utils
Version: 2:6.8-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 2:6.11-3.1
Control: found -1 2:6.14-1

Hi,

The following vulnerabilities were published for cifs-utils.

CVE-2022-27239[0]:
| In cifs-utils through 6.14, a stack-based buffer overflow when parsing
| the mount.cifs ip= command-line argument could lead to local attackers
| gaining root privileges.


CVE-2022-29869[1]:
| cifs-utils through 6.14, with verbose logging, can cause an
| information leak when a file contains = (equal sign) characters but is
| not a valid credentials file.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-27239
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27239
[1] https://security-tracker.debian.org/tracker/CVE-2022-29869
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29869

Regards,
Salvatore



More information about the Pkg-samba-maint mailing list