Description
Security update for cifs-utils
This update for cifs-utils fixes the following security issues:
- CVE-2021-20208: Fixed a potential Kerberos auth leak escaping from container. (bsc#1183239)
- CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477)
This update for cifs-utils fixes the following issues:
- Solve invalid directory mounting. When attempting to change the current working directory into non-existing directories, mount.cifs crashes. (bsc#1152930)
- Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update. (bsc#1184815)
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.2
References
- E-Mail link for openSUSE-SU-2021:0639-1
- SUSE Security Ratings
- SUSE Bug 1152930
- SUSE Bug 1174477
- SUSE Bug 1183239
- SUSE Bug 1184815
- SUSE CVE CVE-2020-14342 page
- SUSE CVE CVE-2021-20208 page
Description
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.
Affected products
References
- CVE-2020-14342
- SUSE Bug 1174477
Description
A flaw was found in cifs-utils in versions before 6.13. When mounting a krb5 CIFS file system from within a container, a user can use the Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Affected products
References
- CVE-2021-20208
- SUSE Bug 1183239