aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Fabrice Fontaine <fontaine.fabrice@gmail.com>2020-09-20 09:57:20 +0200
committerGravatar Thomas Petazzoni <thomas.petazzoni@bootlin.com>2020-09-20 15:06:04 +0200
commitce0e86b293018279416213a56db56c6cfa548402 (patch)
treeda9c2c41410820c4b425160e55c5eaef797bb13a
parente56f54220ee14ccdbfdb60bf56e2a88b35877394 (diff)
downloadbuildroot-ce0e86b293018279416213a56db56c6cfa548402.tar.gz
buildroot-ce0e86b293018279416213a56db56c6cfa548402.tar.bz2
package/cifs-utils: security bump to version 6.11
Fix CVE-2020-14342: It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-rw-r--r--package/cifs-utils/cifs-utils.hash2
-rw-r--r--package/cifs-utils/cifs-utils.mk2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/cifs-utils/cifs-utils.hash b/package/cifs-utils/cifs-utils.hash
index 5eaa84f370..ca97eb8e56 100644
--- a/package/cifs-utils/cifs-utils.hash
+++ b/package/cifs-utils/cifs-utils.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-sha256 92fc29c8e9039637f3344267500f1fa381e2cccd7d10142f0c1676fa575904a7 cifs-utils-6.10.tar.bz2
+sha256 b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9 cifs-utils-6.11.tar.bz2
# Hash for license file:
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
diff --git a/package/cifs-utils/cifs-utils.mk b/package/cifs-utils/cifs-utils.mk
index b59a54d987..b06ce7dddf 100644
--- a/package/cifs-utils/cifs-utils.mk
+++ b/package/cifs-utils/cifs-utils.mk
@@ -4,7 +4,7 @@
#
################################################################################
-CIFS_UTILS_VERSION = 6.10
+CIFS_UTILS_VERSION = 6.11
CIFS_UTILS_SOURCE = cifs-utils-$(CIFS_UTILS_VERSION).tar.bz2
CIFS_UTILS_SITE = http://ftp.samba.org/pub/linux-cifs/cifs-utils
CIFS_UTILS_LICENSE = GPL-3.0+