File _patchinfo of Package patchinfo.19418

<patchinfo incident="19418">
  <issue tracker="bnc" id="1183239">VUL-0: CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in container</issue>
  <issue tracker="bnc" id="1184815">L3: Unable to mount CIFS filesystem (error -126) after updating cifs-utils (from 6.9-5.6.1 to 6.9-5.9.1)</issue>
  <issue tracker="bnc" id="1152930">mount.cifs crashes when attempting to mount invalid directories</issue>
  <issue tracker="bnc" id="1174477">VUL-1: CVE-2020-14342: cifs-utils: Shell command injection vulnerability in mount.cifs</issue>
  <issue tracker="cve" id="2020-14342"/>
  <issue tracker="cve" id="2021-20208"/>
  <summary>Security update for cifs-utils</summary>
This update for cifs-utils fixes the following security issues:

- CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. (bsc#1183239)
- CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477)

This update for cifs-utils fixes the following issues:

- Solve invalid directory mounting. When attempting to change the current
  working directory into non-existing directories, mount.cifs crashes.

- Fixed a bug where it was no longer possible to mount CIFS filesystem after
  the last maintenance update. (bsc#1184815)
openSUSE Build Service is sponsored by