cvrf2cusa/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json

{
  "id": "openEuler-SA-2022-1626",
  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1626",
  "title": "An update for cifs-utils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
  "severity": "Medium",
  "description": "The in-kernel CIFS filesystem is generally the preferred method for mounting SMB/CIFS shares on Linux. The in-kernel CIFS filesystem relies on a set of user-space tools. That package of tools is called cifs-utils.Although not really part of Samba proper, these tools were originally part of the Samba package. For several reasons, shipping these tools as part of Samba was problematic and it was deemed better to split them off into their own package.\r\n\r\nSecurity Fix(es):\r\n\r\ncifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.(CVE-2022-29869)\n\nIn cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.(CVE-2022-27239)",
  "cves": [
    {
      "id": "CVE-2022-27239",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27239",
      "severity": "Medium"
    }
  ]
}
增加测试用的配置和目录 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-07-02 07:51:55 +00:00			`{`
			`"id": "openEuler-SA-2022-1626",`
			`"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1626",`
			`"title": "An update for cifs-utils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",`
release v0.1.2 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-08-01 02:25:22 +00:00			`"severity": "Medium",`
增加测试用的配置和目录 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-07-02 07:51:55 +00:00			"description": "The in-kernel CIFS filesystem is generally the preferred method for mounting SMB/CIFS shares on Linux. The in-kernel CIFS filesystem relies on a set of user-space tools. That package of tools is called cifs-utils.Although not really part of Samba proper, these tools were originally part of the Samba package. For several reasons, shipping these tools as part of Samba was problematic and it was deemed better to split them off into their own package.\r\n\r\nSecurity Fix(es):\r\n\r\ncifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.(CVE-2022-29869)\n\nIn cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.(CVE-2022-27239)",
			`"cves": [`
			`{`
			`"id": "CVE-2022-27239",`
			`"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27239",`
release v0.1.2 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-08-01 02:25:22 +00:00			`"severity": "Medium"`
增加测试用的配置和目录 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-07-02 07:51:55 +00:00			`}`
			`]`
			`}`