| Package | cifs-utils |
|---|---|
| Version | 2:6.4-1+deb8u1 |
| Related CVEs | CVE-2022-27239 CVE-2022-29869 |
A couple of vulnerabilities were found in src:cifs-utils, a Common Internet File System utilities, and are as follows:
CVE-2022-27239
In cifs-utils, a stack-based buffer overflow when parsing the
mount.cifs ip= command-line argument could lead to local attackers
gaining root privileges.
CVE-2022-29869
cifs-utils, with verbose logging, can cause an information leak
when a file contains = (equal sign) characters but is not a valid
credentials file.
For Debian 8 jessie, these problems have been fixed in version 2:6.4-1+deb8u1.
We recommend that you upgrade your cifs-utils packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.