This bug was fixed in the package cifs-utils - 2:7.0-2.1ubuntu0.1
---------------
cifs-utils (2:7.0-2.1ubuntu0.1) oracular-security; urgency=medium

  * Skip checking the Kerberos TGT if a valid service ticket
    is available. (LP: #2099917)
    - d/p/lp2099917-cifs-utils-Skip-TGT-check-if-valid-service.patch
  * SECURITY UPDATE: namespace confusion may lead to disclosing
    sensitive data from host Kerberos credentials cache. (LP: #2099914)
    - d/p/CVE-2025-2312-1.patch: CIFS.upcall to accommodate new
      namespace mount opt.
    - d/p/CVE-2025-2312-2.patch: cifs-utils: add documentation
      for upcall_target.
    - CVE-2025-2312

 -- Matthew Ruffell <[email protected]>  Wed, 02 Apr 2025 15:48:31 +1300

** Changed in: cifs-utils (Ubuntu Oracular)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-2312
** Changed in: cifs-utils (Ubuntu Noble)
Status: In Progress => Fix Released
--
https://bugs.launchpad.net/bugs/2099914
Title:
CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials
cache