suse-su-2021:1455-1
Vulnerability from csaf_suse
Published
2021-04-30 09:58
Modified
2021-04-30 09:58
Summary
Security update for cifs-utils

Notes

Title of the patch
Security update for cifs-utils
Description of the patch
This update for cifs-utils fixes the following security issues:

- CVE-2021-20208: Fixed a potential Kerberos auth leak escaping from a container. (bsc#1183239)
- CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477)

This update for cifs-utils fixes the following issues:

- Solve invalid directory mounting. When attempting to change the current working directory into non-existing directories, mount.cifs crashes. (bsc#1152930)
- Fixed a bug where it was no longer possible to mount a CIFS filesystem after the last maintenance update. (bsc#1184815)
Patchnames
SUSE-2021-1455,SUSE-SLE-Product-HPC-15-2021-1455,SUSE-SLE-Product-SLES-15-2021-1455,SUSE-SLE-Product-SLES_SAP-15-2021-1455
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for cifs-utils",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for cifs-utils fixes the following security issues:\n\n- CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. (bsc#1183239)\n- CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477)\n\nThis update for cifs-utils fixes the following issues:\n\n- Solve invalid directory mounting. When attempting to change the current\n  working directory into non-existing directories, mount.cifs crashes.\n  (bsc#1152930)\n\n- Fixed a bug where it was no longer possible to mount CIFS filesystem after\n  the last maintenance update. (bsc#1184815)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-1455,SUSE-SLE-Product-HPC-15-2021-1455,SUSE-SLE-Product-SLES-15-2021-1455,SUSE-SLE-Product-SLES_SAP-15-2021-1455",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1455-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:1455-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211455-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:1455-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008716.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1152930",
        "url": "https://bugzilla.suse.com/1152930"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174477",
        "url": "https://bugzilla.suse.com/1174477"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183239",
        "url": "https://bugzilla.suse.com/1183239"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184815",
        "url": "https://bugzilla.suse.com/1184815"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14342 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14342/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20208 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20208/"
      }
    ],
    "title": "Security update for cifs-utils",
    "tracking": {
      "current_release_date": "2021-04-30T09:58:58Z",
      "generator": {
        "date": "2021-04-30T09:58:58Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:1455-1",
      "initial_release_date": "2021-04-30T09:58:58Z",
      "revision_history": [
        {
          "date": "2021-04-30T09:58:58Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cifs-utils-6.9-3.14.1.aarch64",
                "product": {
                  "name": "cifs-utils-6.9-3.14.1.aarch64",
                  "product_id": "cifs-utils-6.9-3.14.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cifs-utils-devel-6.9-3.14.1.aarch64",
                "product": {
                  "name": "cifs-utils-devel-6.9-3.14.1.aarch64",
                  "product_id": "cifs-utils-devel-6.9-3.14.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "pam_cifscreds-6.9-3.14.1.aarch64",
                "product": {
                  "name": "pam_cifscreds-6.9-3.14.1.aarch64",
                  "product_id": "pam_cifscreds-6.9-3.14.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cifs-utils-6.9-3.14.1.i586",
                "product": {
                  "name": "cifs-utils-6.9-3.14.1.i586",
                  "product_id": "cifs-utils-6.9-3.14.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "cifs-utils-devel-6.9-3.14.1.i586",
                "product": {
                  "name": "cifs-utils-devel-6.9-3.14.1.i586",
                  "product_id": "cifs-utils-devel-6.9-3.14.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "pam_cifscreds-6.9-3.14.1.i586",
                "product": {
                  "name": "pam_cifscreds-6.9-3.14.1.i586",
                  "product_id": "pam_cifscreds-6.9-3.14.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cifs-utils-6.9-3.14.1.ppc64le",
                "product": {
                  "name": "cifs-utils-6.9-3.14.1.ppc64le",
                  "product_id": "cifs-utils-6.9-3.14.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cifs-utils-devel-6.9-3.14.1.ppc64le",
                "product": {
                  "name": "cifs-utils-devel-6.9-3.14.1.ppc64le",
                  "product_id": "cifs-utils-devel-6.9-3.14.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "pam_cifscreds-6.9-3.14.1.ppc64le",
                "product": {
                  "name": "pam_cifscreds-6.9-3.14.1.ppc64le",
                  "product_id": "pam_cifscreds-6.9-3.14.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cifs-utils-6.9-3.14.1.s390x",
                "product": {
                  "name": "cifs-utils-6.9-3.14.1.s390x",
                  "product_id": "cifs-utils-6.9-3.14.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cifs-utils-devel-6.9-3.14.1.s390x",
                "product": {
                  "name": "cifs-utils-devel-6.9-3.14.1.s390x",
                  "product_id": "cifs-utils-devel-6.9-3.14.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "pam_cifscreds-6.9-3.14.1.s390x",
                "product": {
                  "name": "pam_cifscreds-6.9-3.14.1.s390x",
                  "product_id": "pam_cifscreds-6.9-3.14.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cifs-utils-6.9-3.14.1.x86_64",
                "product": {
                  "name": "cifs-utils-6.9-3.14.1.x86_64",
                  "product_id": "cifs-utils-6.9-3.14.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cifs-utils-devel-6.9-3.14.1.x86_64",
                "product": {
                  "name": "cifs-utils-devel-6.9-3.14.1.x86_64",
                  "product_id": "cifs-utils-devel-6.9-3.14.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "pam_cifscreds-6.9-3.14.1.x86_64",
                "product": {
                  "name": "pam_cifscreds-6.9-3.14.1.x86_64",
                  "product_id": "pam_cifscreds-6.9-3.14.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.aarch64"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.x86_64"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.aarch64"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.x86_64"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.aarch64"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.x86_64"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.aarch64"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.ppc64le"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.s390x"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.x86_64"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.ppc64le"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.s390x"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.ppc64le"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-6.9-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.x86_64"
        },
        "product_reference": "cifs-utils-6.9-3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.ppc64le"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cifs-utils-devel-6.9-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.x86_64"
        },
        "product_reference": "cifs-utils-devel-6.9-3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14342",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14342"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was found that cifs-utils\u0027 mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14342",
          "url": "https://www.suse.com/security/cve/CVE-2020-14342"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174477 for CVE-2020-14342",
          "url": "https://bugzilla.suse.com/1174477"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-30T09:58:58Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-14342"
    },
    {
      "cve": "CVE-2021-20208",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20208"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20208",
          "url": "https://www.suse.com/security/cve/CVE-2021-20208"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183239 for CVE-2021-20208",
          "url": "https://bugzilla.suse.com/1183239"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:cifs-utils-devel-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-6.9-3.14.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:cifs-utils-devel-6.9-3.14.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-30T09:58:58Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-20208"
    }
  ]
}

