#16491 closed enhancement (fixed)
cifs-utils-6.15
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 11.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version.
Change History (6)
comment:1 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 2 years ago
| Priority: | normal → high |
|---|
comment:3 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
comment:4 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:5 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 45c3b2009db651c6cc43b8689e382d7c0540a7a1
Security advisory will come later when I am finished with Seamonkey.
comment:6 by , 2 years ago
New version 6.15 of cifs-utils has been released today. This is a security release to address the following bugs: - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing Description CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Note:
See TracTickets
for help on using tickets.
Security-sensitive stuff and things I need to take care of