Описание
Security update for cifs-utils
This update for cifs-utils fixes the following issues:
- CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680)
Список пакетов
SUSE Linux Enterprise Micro 5.3
cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Micro 5.4
cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Micro 5.5
cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
cifs-utils-6.15-150400.3.12.1
cifs-utils-devel-6.15-150400.3.12.1
openSUSE Leap 15.6
cifs-utils-6.15-150400.3.12.1
cifs-utils-devel-6.15-150400.3.12.1
pam_cifscreds-6.15-150400.3.12.1
Ссылки
- Link for SUSE-SU-2025:1381-1
- E-Mail link for SUSE-SU-2025:1381-1
- SUSE Security Ratings
- SUSE Bug 1239680
- SUSE CVE CVE-2025-2312 page
Описание
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.
Затронутые продукты
SUSE Linux Enterprise Micro 5.3:cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Micro 5.4:cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Micro 5.5:cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:cifs-utils-6.15-150400.3.12.1
Ссылки
- CVE-2025-2312
- SUSE Bug 1239680