[Pkg-samba-maint] Bug#1010818: cifs-utils: CVE-2022-27239 CVE-2022-29869
Salvatore Bonaccorso
carnil at debian.org
Tue May 10 20:29:52 BST 2022
Source: cifs-utils
Version: 2:6.8-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 2:6.11-3.1
Control: found -1 2:6.14-1
Hi,
The following vulnerabilities were published for cifs-utils.
CVE-2022-27239[0]:
| In cifs-utils through 6.14, a stack-based buffer overflow when parsing
| the mount.cifs ip= command-line argument could lead to local attackers
| gaining root privileges.
CVE-2022-29869[1]:
| cifs-utils through 6.14, with verbose logging, can cause an
| information leak when a file contains = (equal sign) characters but is
| not a valid credentials file.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-27239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27239
[1] https://security-tracker.debian.org/tracker/CVE-2022-29869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29869
Regards,
Salvatore
More information about the Pkg-samba-maint
mailing list