Paketname
cifs-utils
Datum
2012-05-04
Advisory ID
MDVSA-2012:069
Betroffene Versionen
2011 i586 , 2011 x86_64 , 2010.1 i586 , 2010.1 x86_64

Problembeschreibung

A vulnerability has been found and corrected in cifs-utils:

A file existence dislosure flaw was found in the way mount.cifs tool
of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS
(Common Internet File System) filesystem. A local user, able to
mount a remote CIFS share / target to a local directory could use
this flaw to confirm (non) existence of a file system object (file,
directory or process descriptor) via error messages generated during
the mount.cifs tool run (CVE-2012-1586).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2011 i586

 f1d534a2ee05113cf6cac6a30e4046e2  2011/i586/cifs-utils-4.9-1.2-mdv2011.0.i586.rpm 
 f5c019446c94a5f0476d6a4a8bdd19d8  2011/SRPMS/cifs-utils-4.9-1.2.src.rpm

2011 x86_64

 ab6001dd7d5007ab83635a96f3e5ed40  2011/x86_64/cifs-utils-4.9-1.2-mdv2011.0.x86_64.rpm 
 f5c019446c94a5f0476d6a4a8bdd19d8  2011/SRPMS/cifs-utils-4.9-1.2.src.rpm

2010.1 i586

 0b125635841123c39aa915e9708a8419  2010.1/i586/cifs-utils-4.8.1-0.2mdv2010.2.i586.rpm 
 2822bca1b75fc1eea5360f2c3d8d9bd6  2010.1/SRPMS/cifs-utils-4.8.1-0.2mdv2010.2.src.rpm

2010.1 x86_64

 052307fac1232b872f007ddeb5355af0  2010.1/x86_64/cifs-utils-4.8.1-0.2mdv2010.2.x86_64.rpm 
 2822bca1b75fc1eea5360f2c3d8d9bd6  2010.1/SRPMS/cifs-utils-4.8.1-0.2mdv2010.2.src.rpm

Referenzen