[ubuntu/focal-security] cifs-utils 2:6.9-1ubuntu0.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jun 2 16:34:18 UTC 2022
cifs-utils (2:6.9-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: command injection via shell
- debian/patches/CVE-2020-14342.patch: fix injection in mount.cifs.c.
- CVE-2020-14342
* SECURITY UPDATE: krb5 credential use from host
- debian/patches/CVE-2021-20208-1.patch: try to use container
namespaces in cifs.upcall.c.
- debian/patches/CVE-2021-20208-2.patch: fix regression in kerberos
mount in cifs.upcall.c.
- CVE-2021-20208
* SECURITY UPDATE: buffer overflow in ip= command-line argument
- debian/patches/CVE-2022-27239.patch: fix length check for ip option
parsing in mount.cifs.c.
- CVE-2022-27239
* SECURITY UPDATE: information leak via verbose logging
- debian/patches/CVE-2022-29869.patch: fix verbose messages on option
parsing in mount.cifs.c.
- CVE-2022-29869
Date: 2022-06-01 16:59:09.234985+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/cifs-utils/2:6.9-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list