| Summary: | cifs-utils new security issue CVE-2021-20208 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, guillaume.royer, herman.viaene, mageia, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | ||
| Source RPM: | cifs-utils-6.11-2.mga8.src.rpm | CVE: | CVE-2021-20208 |
| Status comment: | |||
|
Description
David Walser
2021-05-30 23:46:43 CEST
David Walser
2021-05-30 23:46:57 CEST
Whiteboard:
(none) =>
MGA8TOO, MGA7TOO fixed in cauldron Version:
Cauldron =>
8 Fixed in mga7/8
src:
- cifs-utils-6.9-6.2.mga7
- cifs-utils-6.11-2.1.mga8Assignee:
bugsquad =>
qa-bugs RPMS: cifs-utils-6.9-6.2.mga7 cifs-utils-devel-6.9-6.2.mga7 cifs-utils-devel-6.11-2.1.mga8 cifs-utils-6.11-2.1.mga8 Status comment:
Fixed upstream in 6.13 =>
(none) MAGA 8 XFCE, Disc mounted with fstab and cifs-utils on my network. Cifs updated with QA repo and rpms: cifs-utils-devel-6.11-2.1.mga8 cifs-utils-6.11-2.1.mga8 After reboot all is ok, disc is always reachable and files are always readable. CC:
(none) =>
guillaume.royer MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 27315for testing I have samba server on my desktop PC, so # mount.cifs -o username=herman //mach1/beelden /mnt/beeldencifs/ Password for herman@//mach1/beelden: ******** # ls -als /mnt/beeldencifs/ total 1108 0 drwxr-xr-x 2 root root 0 Apr 7 13:43 ./ 4 drwxr-xr-x 12 root root 4096 Jun 16 14:28 ../ 0 drwxr-xr-x 2 root root 0 Jul 27 2020 accessbasis/ 0 drwxr-xr-x 2 root root 0 Jul 27 2020 accessfinesses/ 0 drwxr-xr-x 2 root root 0 May 12 08:41 Afbeeldingen/ 0 drwxr-xr-x 2 root root 0 Apr 6 12:18 datakopie/ 0 drwxr-xr-x 2 root root 0 May 14 08:43 fotos/ 820 -rwxr-xr-x 1 root root 838418 Mar 20 2018 Huishouden* 0 drwxr-xr-x 2 root root 0 Dec 29 2013 lost+found/ 0 drwxr-xr-x 2 root root 0 Jan 12 2019 RawORF/ 208 -rwxr-xr-x 1 root root 209872 Jan 6 2019 report.bug.xz* 0 drwxr-xr-x 2 root root 0 Nov 16 2016 rietmach2/ 0 drwxr-xr-x 2 root root 0 Jun 13 2018 .Trash-1000/ 0 drwxr-xr-x 2 root root 0 Feb 27 2014 usbsticks/ 76 -rwxr-xr-x 1 root root 74337 Feb 1 2019 Xorg.0.log* So, moount command works OK. Sidenote: when I try to do the mounting using MCC, the mount hangs for a while, and at the CLI I see the feedback Password entry required for 'Password for %@//mach1/beelden:' (PID 10603). Please enter password with the systemd-tty-ask-password-agent tool. But Where is that supposed to be??? CC:
(none) =>
herman.viaene MGA8-64 Plasma on Lenovo B50 No installation issues. same commands as above, all works OK. Whiteboard:
MGA7TOO MGA7-64-OK =>
MGA7TOO MGA7-64-OK MGA8-64-OK Validating. Keywords:
(none) =>
validated_update Advisory: ======================== Updated cifs-utils packages fix a security vulnerability: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2021-20208). References: - https://bugs.mageia.org/show_bug.cgi?id=29056 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20208 - https://bugzilla.samba.org/show_bug.cgi?id=14651 - https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65NUX6IGI72XJIWLCF5QOKIKAWWJUMEY/ ======================== Updated packages in core/updates_testing: ======================== cifs-utils-6.9-6.2.mga7 cifs-utils-devel-6.9-6.2.mga7 cifs-utils-6.11-2.1.mga8 cifs-utils-devel-6.11-2.1.mga8 from SRPMs: cifs-utils-6.9-6.2.mga7.src.rpm cifs-utils-6.11-2.1.mga8.src.rpm Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0277.html Status:
NEW =>
RESOLVED |