openSUSE has issued an advisory on May 1: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65NUX6IGI72XJIWLCF5QOKIKAWWJUMEY/ The issue is fixed upstream in 6.13: https://bugzilla.samba.org/show_bug.cgi?id=14651 Mageia 7 and Mageia 8 are also affected.
Whiteboard: (none) => MGA8TOO, MGA7TOOStatus comment: (none) => Fixed upstream in 6.13
fixed in cauldron
Version: Cauldron => 8Whiteboard: MGA8TOO, MGA7TOO => MGA7TOOCC: (none) => mageia
Fixed in mga7/8 src: - cifs-utils-6.9-6.2.mga7 - cifs-utils-6.11-2.1.mga8
Assignee: bugsquad => qa-bugs
RPMS: cifs-utils-6.9-6.2.mga7 cifs-utils-devel-6.9-6.2.mga7 cifs-utils-devel-6.11-2.1.mga8 cifs-utils-6.11-2.1.mga8
Status comment: Fixed upstream in 6.13 => (none)
MAGA 8 XFCE, Disc mounted with fstab and cifs-utils on my network. Cifs updated with QA repo and rpms: cifs-utils-devel-6.11-2.1.mga8 cifs-utils-6.11-2.1.mga8 After reboot all is ok, disc is always reachable and files are always readable.
CC: (none) => guillaume.royer
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 27315for testing I have samba server on my desktop PC, so # mount.cifs -o username=herman //mach1/beelden /mnt/beeldencifs/ Password for herman@//mach1/beelden: ******** # ls -als /mnt/beeldencifs/ total 1108 0 drwxr-xr-x 2 root root 0 Apr 7 13:43 ./ 4 drwxr-xr-x 12 root root 4096 Jun 16 14:28 ../ 0 drwxr-xr-x 2 root root 0 Jul 27 2020 accessbasis/ 0 drwxr-xr-x 2 root root 0 Jul 27 2020 accessfinesses/ 0 drwxr-xr-x 2 root root 0 May 12 08:41 Afbeeldingen/ 0 drwxr-xr-x 2 root root 0 Apr 6 12:18 datakopie/ 0 drwxr-xr-x 2 root root 0 May 14 08:43 fotos/ 820 -rwxr-xr-x 1 root root 838418 Mar 20 2018 Huishouden* 0 drwxr-xr-x 2 root root 0 Dec 29 2013 lost+found/ 0 drwxr-xr-x 2 root root 0 Jan 12 2019 RawORF/ 208 -rwxr-xr-x 1 root root 209872 Jan 6 2019 report.bug.xz* 0 drwxr-xr-x 2 root root 0 Nov 16 2016 rietmach2/ 0 drwxr-xr-x 2 root root 0 Jun 13 2018 .Trash-1000/ 0 drwxr-xr-x 2 root root 0 Feb 27 2014 usbsticks/ 76 -rwxr-xr-x 1 root root 74337 Feb 1 2019 Xorg.0.log* So, moount command works OK. Sidenote: when I try to do the mounting using MCC, the mount hangs for a while, and at the CLI I see the feedback Password entry required for 'Password for %@//mach1/beelden:' (PID 10603). Please enter password with the systemd-tty-ask-password-agent tool. But Where is that supposed to be???
CC: (none) => herman.viaeneWhiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
MGA8-64 Plasma on Lenovo B50 No installation issues. same commands as above, all works OK.
Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Advisory: ======================== Updated cifs-utils packages fix a security vulnerability: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2021-20208). References: - https://bugs.mageia.org/show_bug.cgi?id=29056 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20208 - https://bugzilla.samba.org/show_bug.cgi?id=14651 - https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65NUX6IGI72XJIWLCF5QOKIKAWWJUMEY/ ======================== Updated packages in core/updates_testing: ======================== cifs-utils-6.9-6.2.mga7 cifs-utils-devel-6.9-6.2.mga7 cifs-utils-6.11-2.1.mga8 cifs-utils-devel-6.11-2.1.mga8 from SRPMs: cifs-utils-6.9-6.2.mga7.src.rpm cifs-utils-6.11-2.1.mga8.src.rpm
Keywords: (none) => advisoryCVE: (none) => CVE-2021-20208Source RPM: cifs-utils-6.12-1.mga9.src.rpm => cifs-utils-6.11-2.mga8.src.rpmCC: (none) => ouaurelien
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0277.html
Status: NEW => RESOLVEDResolution: (none) => FIXED