Overview

File _patchinfo of Package patchinfo.19418

<patchinfo incident="19418">
  <issue tracker="bnc" id="1183239">VUL-0: CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in container</issue>
  <issue tracker="bnc" id="1184815">L3: Unable to mount CIFS filesystem (error -126) after updating cifs-utils (from 6.9-5.6.1 to 6.9-5.9.1)</issue>
  <issue tracker="bnc" id="1152930">mount.cifs crashes when attempting to mount invalid directories</issue>
  <issue tracker="bnc" id="1174477">VUL-1: CVE-2020-14342: cifs-utils: Shell command injection vulnerability in mount.cifs</issue>
  <issue tracker="cve" id="2020-14342"/>
  <issue tracker="cve" id="2021-20208"/>
  <packager>pauloac</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for cifs-utils</summary>
  <description>
This update for cifs-utils fixes the following security issues:

- CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. (bsc#1183239)
- CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477)

This update for cifs-utils fixes the following issues:

- Solve invalid directory mounting. When attempting to change the current
  working directory into non-existing directories, mount.cifs crashes.
  (bsc#1152930)

- Fixed a bug where it was no longer possible to mount CIFS filesystem after
  the last maintenance update. (bsc#1184815)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places