[ANNOUNCE] cifs-utils release 6.15 ready for download
pshilovsky at samba.org
Fri Apr 29 22:03:07 UTC 2022
New version 6.15 of cifs-utils has been released today. This is a
security release to address the following bugs:
- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
In cifs-utils through 6.14, a stack-based buffer overflow when parsing
the mount.cifs ip= command-line argument could lead to local attackers
gaining root privileges.
cifs-utils through 6.14, with verbose logging, can cause an
information leak when a file contains = (equal sign) characters but is
not a valid credentials file.
Both issues were originally reported and fixed by Jeffrey Bencteux.
Thanks to everyone who contributed to the release!
More information about the samba-technical