This bug was fixed in the package cifs-utils - 2:6.14-1ubuntu0.2
---------------
cifs-utils (2:6.14-1ubuntu0.2) jammy-security; urgency=medium

  * Skip checking the Kerberos TGT if a valid service ticket
    is available. (LP: #2099917)
    - d/p/lp2099917-cifs-utils-Skip-TGT-check-if-valid-service.patch
  * SECURITY UPDATE: namespace confusion may lead to disclosing
    sensitive data from host Kerberos credentials cache. (LP: #2099914)
    - d/p/CVE-2025-2312-1.patch: CIFS.upcall to accommodate new
      namespace mount opt.
    - d/p/CVE-2025-2312-2.patch: cifs-utils: add documentation
      for upcall_target.
    - CVE-2025-2312

 -- Matthew Ruffell <[email protected]>  Wed, 02 Apr 2025 16:56:51 +1300

** Changed in: cifs-utils (Ubuntu Focal)
       Status: In Progress => Fix Released
--
https://bugs.launchpad.net/bugs/2099914
Title:
  CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache