Updated cifs-utils packages fix security vulnerability
Publication date: 12 May 2022Modification date: 12 May 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-27239 , CVE-2022-29869
Description
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the
mount.cifs ip= command-line argument could lead to local attackers gaining
root privileges. (CVE-2022-27239)
cifs-utils through 6.14, with verbose logging, can cause an information
leak when a file contains = (equal sign) characters but is not a valid
credentials file. (CVE-2022-29869)
References
- https://bugs.mageia.org/show_bug.cgi?id=30360
- https://www.openwall.com/lists/oss-security/2022/04/27/5
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QMGM2N6RR7GOZR7OP37QJTCTTLTTIWUN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27239
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29869
SRPMS
8/core
- cifs-utils-6.11-2.2.mga8