Fedora has issued an advisory on May 6:
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133341.html

Fixes for this appear to be a part of this commit:
http://pkgs.fedoraproject.org/cgit/cifs-utils.git/commit/?id=8650af544c0e0f8c76b688ad85254e4d489ae5a9

Mageia 3 and Mageia 4 are also affected.
Whiteboard: (none) => MGA4TOO, MGA3TOO
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Note that in cifs-utils 6.3 (in Cauldron) cifscreds.c from previous versions was split into cifscreds.c, cifskey.c, and pam_cifscreds.c. The patches for 6.3 affect all three, but the main vulnerability is in cifskey.c. In older versions, the vulnerable code is in cifscreds.c.

Advisory:
========================

Updated cifs-utils packages fix security vulnerability:

Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c (CVE-2014-2830).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2830
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133341.html
========================

Updated packages in core/updates_testing:
========================
cifs-utils-6.0-1.1.mga3
cifs-utils-devel-6.0-1.1.mga3
cifs-utils-6.2-2.1.mga4
cifs-utils-devel-6.2-2.1.mga4

from SRPMS:
cifs-utils-6.0-1.1.mga3.src.rpm
cifs-utils-6.2-2.1.mga4.src.rpm
Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Used to mount a Samba/Windows share.

Test with:

# mount -t cifs //host/share /mount/point -o username=<user>,password=<passwd>

You may need to specify the host in /etc/hosts or use the IP address.
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Tested cifs-utils-6.2-2.1.mga4 on mga4 x64, all ok.

Tested cifs-utils-6.2-2.mga4 before upgrading, all worked with no issues. I could browse and copy from the cifs share without issue.

Upgraded to cifs-utils-6.2-2.1.mga4 and retried tests for browsing and file copies without issue.
CC: (none) => dpremy
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga4-64-ok
Testing complete mga4 32
Whiteboard: MGA3TOO has_procedure mga4-64-ok => MGA3TOO has_procedure mga4-32-ok mga4-64-ok
Testing complete mga3 64
Whiteboard: MGA3TOO has_procedure mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok
Testing complete mga3 32

Advisory uploaded. Validating.

Could sysadmin please push to 3 & 4 updates?

Thanks
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok MGA4-64-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0242.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED