Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:1381-1

Опубликовано: 28 апр. 2025
Источник: suse-cvrf

Описание

Security update for cifs-utils

This update for cifs-utils fixes the following issues:

  • CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680)

Список пакетов

SUSE Linux Enterprise Micro 5.3
cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Micro 5.4
cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Micro 5.5
cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
cifs-utils-6.15-150400.3.12.1
cifs-utils-devel-6.15-150400.3.12.1
openSUSE Leap 15.6
cifs-utils-6.15-150400.3.12.1
cifs-utils-devel-6.15-150400.3.12.1
pam_cifscreds-6.15-150400.3.12.1

Описание

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.


Затронутые продукты
SUSE Linux Enterprise Micro 5.3:cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Micro 5.4:cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Micro 5.5:cifs-utils-6.15-150400.3.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:cifs-utils-6.15-150400.3.12.1

Ссылки