openSUSE-SU-2020:1579-1

Опубликовано: 29 сент. 2020

Источник: suse-cvrf

Описание

Security update for cifs-utils

This update for cifs-utils fixes the following issues:

CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477).
Fixed an invalid free in mount.cifs; (bsc#1152930).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1

cifs-utils-6.9-lp151.4.7.1

cifs-utils-devel-6.9-lp151.4.7.1

pam_cifscreds-6.9-lp151.4.7.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TC64OHNF4BWAKNIMUW3XQQI4EWLKL2HS/
E-Mail link for openSUSE-SU-2020:1579-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1152930
SUSE Bug 1152930
https://bugzilla.suse.com/1174477
SUSE Bug 1174477
https://www.suse.com/security/cve/CVE-2020-14342/
SUSE CVE CVE-2020-14342 page

Описание

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

Затронутые продукты

openSUSE Leap 15.1:cifs-utils-6.9-lp151.4.7.1

openSUSE Leap 15.1:cifs-utils-devel-6.9-lp151.4.7.1

openSUSE Leap 15.1:pam_cifscreds-6.9-lp151.4.7.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-14342.html
CVE-2020-14342
https://bugzilla.suse.com/1174477
SUSE Bug 1174477

openSUSE-SU-2020:1579-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-14342

Описание

Затронутые продукты

Ссылки