Bug 29056 - cifs-utils new security issue CVE-2021-20208
Summary: cifs-utils new security issue CVE-2021-20208
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7TOO MGA7-64-OK MGA8-64-OK
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-30 23:46 CEST by David Walser
Modified: 2021-06-18 14:54 CEST

See Also:
Source RPM: cifs-utils-6.12-1.mga9.src.rpm
CVE:
Status comment:


Description David Walser 2021-05-30 23:46:43 CEST
openSUSE has issued an advisory on May 1:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65NUX6IGI72XJIWLCF5QOKIKAWWJUMEY/

The issue is fixed upstream in 6.13:
https://bugzilla.samba.org/show_bug.cgi?id=14651

Mageia 7 and Mageia 8 are also affected.
David Walser 2021-05-30 23:46:57 CEST

Whiteboard: (none) => MGA8TOO, MGA7TOO
Status comment: (none) => Fixed upstream in 6.13

Comment 1 Nicolas Lécureuil 2021-05-31 15:18:48 CEST
Fixed in Cauldron

CC: (none) => mageia
Version: Cauldron => 8
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO

Comment 2 Nicolas Lécureuil 2021-05-31 16:07:18 CEST
Fixed in mga7/8

      src:
          - cifs-utils-6.9-6.2.mga7
          - cifs-utils-6.11-2.1.mga8

Assignee: bugsquad => qa-bugs

Comment 3 David Walser 2021-05-31 19:43:27 CEST
RPMS:
cifs-utils-6.9-6.2.mga7
cifs-utils-devel-6.9-6.2.mga7
cifs-utils-devel-6.11-2.1.mga8
cifs-utils-6.11-2.1.mga8

Status comment: Fixed upstream in 6.13 => (none)

Comment 4 Guillaume Royer 2021-05-31 20:51:05 CEST
MGA 8 XFCE, disc mounted with fstab and cifs-utils on my network.

Cifs updated with QA repo and rpms:

cifs-utils-devel-6.11-2.1.mga8
cifs-utils-6.11-2.1.mga8

After reboot all is ok, disc is always reachable and files are always readable.

CC: (none) => guillaume.royer

Comment 5 Herman Viaene 2021-06-16 14:41:12 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 27315 for testing
I have samba server on my desktop PC, so
# mount.cifs -o username=herman //mach1/beelden /mnt/beeldencifs/
Password for herman@//mach1/beelden:  ********
# ls -als /mnt/beeldencifs/
total 1108
  0 drwxr-xr-x  2 root root      0 Apr  7 13:43 ./
  4 drwxr-xr-x 12 root root   4096 Jun 16 14:28 ../
  0 drwxr-xr-x  2 root root      0 Jul 27  2020 accessbasis/
  0 drwxr-xr-x  2 root root      0 Jul 27  2020 accessfinesses/
  0 drwxr-xr-x  2 root root      0 May 12 08:41 Afbeeldingen/
  0 drwxr-xr-x  2 root root      0 Apr  6 12:18 datakopie/
  0 drwxr-xr-x  2 root root      0 May 14 08:43 fotos/
820 -rwxr-xr-x  1 root root 838418 Mar 20  2018 Huishouden*
  0 drwxr-xr-x  2 root root      0 Dec 29  2013 lost+found/
  0 drwxr-xr-x  2 root root      0 Jan 12  2019 RawORF/
208 -rwxr-xr-x  1 root root 209872 Jan  6  2019 report.bug.xz*
  0 drwxr-xr-x  2 root root      0 Nov 16  2016 rietmach2/
  0 drwxr-xr-x  2 root root      0 Jun 13  2018 .Trash-1000/
  0 drwxr-xr-x  2 root root      0 Feb 27  2014 usbsticks/
 76 -rwxr-xr-x  1 root root  74337 Feb  1  2019 Xorg.0.log*
So, mount command works OK.

Sidenote: when I try to do the mounting using MCC, the mount hangs for a while, and at the CLI I see the feedback
Password entry required for 'Password for %@//mach1/beelden:' (PID 10603).
Please enter password with the systemd-tty-ask-password-agent tool.
But where is that supposed to be???

Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
CC: (none) => herman.viaene

Comment 6 Herman Viaene 2021-06-18 14:54:16 CEST
MGA8-64 Plasma on Lenovo B50
No installation issues.
Same commands as above, all works OK.

Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK

