- Issued:
- 2013-02-20
- Updated:
- 2013-02-20
RHBA-2013:0408 - Bug Fix Advisory
Synopsis
cifs-utils bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated cifs-utils packages that fix several bugs and add various enhancements
are now available for Red Hat Enterprise Linux 6.
Description
The SMB/CIFS protocol is a standard file sharing protocol widely deployed on
Microsoft Windows machines. This package contains tools for mounting shares on
Linux using the SMB/CIFS protocol. The tools in this package work in conjunction
with support in the kernel to allow one to mount a SMB/CIFS share onto a client
and use it as if it were a standard Linux file system.
This update fixes the following bugs:
- When the mount.cifs utility ran out of addresses to try, it returned the
"System error" error code (EX_SYSERR) to the caller service. The utility has
been modified and it now correctly returns the "Mount failure" error code
(EX_FAIL). (BZ#856729)
- Typically, "/" characters are not allowed in user names for Microsoft Windows
systems, but they are common in certain types of kerberos principal names.
However, mount.cifs previously allowed the use of "/" in user names, which
caused attempts to mount CIFS file systems to fail. With this package, "/"
characters are now allowed in user names if the "sec=krb5" or "sec=krb5i" mount
options are specified, thus CIFS file systems can now be mounted as expected.
(BZ#826825)
- Previously, the cifs-utils packages were compiled without the RELRO (read-only
relocations) and PIE (Position Independent Executables) flags. Programs provided
by this package could be vulnerable to various attacks based on overwriting the
ELF section of a program. The "-pie" and "-fpie" options enable the building of
position-independent executables, and the "-Wl","-z","relro" turns on read-only
relocation support in gcc. These options are important for security purposes to
guard against possible buffer overflows that lead to exploits. The cifs-utils
binaries are now built with PIE and full RELRO support. The cifs-utils binary is
now more secured against "return-to-text" and memory corruption attacks and also
against attacks based on the program's ELF section overwriting. (BZ#838606)
In addition, this update adds the following enhancements:
- With this update, the "strictcache", "actimeo", "cache=" and "rwpidforward"
mount options are now documented in the mount.cifs(8) manual page. (BZ#843596)
- The "getcifsacl", "setcifsacl" and "cifs.idmap" programs have been added to
the package. These utilities allow users to manipulate ACLs on CIFS shares and
allow the mapping of Windows security IDs to POSIX user and group IDs.
(BZ#843612)
- With this update, the cifs.idmap helper, which allows SID to UID and SID to
GID mapping, has been added to the package. Also, the manual page cifs.upcall(8)
has been updated and cifs.idmap(8) has been added. (BZ#843617)
Users of cifs-utils are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
Fixes
- BZ - 838606 - enable PIE and RELRO in cifs-utils binaries
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| x86_64 | |
| cifs-utils-4.8.1-18.el6.x86_64.rpm | SHA-256: 0c341db41663d26bac604f21633fa0d34e6a2dd283b74a7e4d911a2ab646b34b |
| cifs-utils-debuginfo-4.8.1-18.el6.x86_64.rpm | SHA-256: 118da4e7c6c97890aaba3e80289216ca76f4b0fb7ce9c3c11d6cf28c05b01cbd |
| i386 | |
| cifs-utils-4.8.1-18.el6.i686.rpm | SHA-256: 28c5759f31be46281ba53be9d7c7786475dbd2224dfa0d5f7a73a904558d6081 |
| cifs-utils-debuginfo-4.8.1-18.el6.i686.rpm | SHA-256: c49c421214ec50a16c2edc01e78e9baf4eed39956134e9ce7be6955a0bae3fad |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| x86_64 | |
| cifs-utils-4.8.1-18.el6.x86_64.rpm | SHA-256: 0c341db41663d26bac604f21633fa0d34e6a2dd283b74a7e4d911a2ab646b34b |
| cifs-utils-debuginfo-4.8.1-18.el6.x86_64.rpm | SHA-256: 118da4e7c6c97890aaba3e80289216ca76f4b0fb7ce9c3c11d6cf28c05b01cbd |
| i386 | |
| cifs-utils-4.8.1-18.el6.i686.rpm | SHA-256: 28c5759f31be46281ba53be9d7c7786475dbd2224dfa0d5f7a73a904558d6081 |
| cifs-utils-debuginfo-4.8.1-18.el6.i686.rpm | SHA-256: c49c421214ec50a16c2edc01e78e9baf4eed39956134e9ce7be6955a0bae3fad |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| x86_64 | |
| cifs-utils-4.8.1-18.el6.x86_64.rpm | SHA-256: 0c341db41663d26bac604f21633fa0d34e6a2dd283b74a7e4d911a2ab646b34b |
| cifs-utils-debuginfo-4.8.1-18.el6.x86_64.rpm | SHA-256: 118da4e7c6c97890aaba3e80289216ca76f4b0fb7ce9c3c11d6cf28c05b01cbd |
| i386 | |
| cifs-utils-4.8.1-18.el6.i686.rpm | SHA-256: 28c5759f31be46281ba53be9d7c7786475dbd2224dfa0d5f7a73a904558d6081 |
| cifs-utils-debuginfo-4.8.1-18.el6.i686.rpm | SHA-256: c49c421214ec50a16c2edc01e78e9baf4eed39956134e9ce7be6955a0bae3fad |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| x86_64 | |
| cifs-utils-4.8.1-18.el6.x86_64.rpm | SHA-256: 0c341db41663d26bac604f21633fa0d34e6a2dd283b74a7e4d911a2ab646b34b |
| cifs-utils-debuginfo-4.8.1-18.el6.x86_64.rpm | SHA-256: 118da4e7c6c97890aaba3e80289216ca76f4b0fb7ce9c3c11d6cf28c05b01cbd |
| i386 | |
| cifs-utils-4.8.1-18.el6.i686.rpm | SHA-256: 28c5759f31be46281ba53be9d7c7786475dbd2224dfa0d5f7a73a904558d6081 |
| cifs-utils-debuginfo-4.8.1-18.el6.i686.rpm | SHA-256: c49c421214ec50a16c2edc01e78e9baf4eed39956134e9ce7be6955a0bae3fad |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| s390x | |
| cifs-utils-4.8.1-18.el6.s390x.rpm | SHA-256: 8ba28152649fe9dfd9c8e0eef9022da56e44384d6b587db26e6381d12525b4d7 |
| cifs-utils-debuginfo-4.8.1-18.el6.s390x.rpm | SHA-256: 41560aae5e75f6ff5612f65c869fbbb72fb2cf5e806965aa1964b8390c1d6497 |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| ppc64 | |
| cifs-utils-4.8.1-18.el6.ppc64.rpm | SHA-256: 2b4d1adff0a5f5603b96ce8df67f495c3785d7182e3274394fb07c9788ca5aa9 |
| cifs-utils-debuginfo-4.8.1-18.el6.ppc64.rpm | SHA-256: 9de7f00f922a846b9af1e7e6dd3f6389957fd03b0c46eb1995451c773d25d179 |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| x86_64 | |
| cifs-utils-4.8.1-18.el6.x86_64.rpm | SHA-256: 0c341db41663d26bac604f21633fa0d34e6a2dd283b74a7e4d911a2ab646b34b |
| cifs-utils-debuginfo-4.8.1-18.el6.x86_64.rpm | SHA-256: 118da4e7c6c97890aaba3e80289216ca76f4b0fb7ce9c3c11d6cf28c05b01cbd |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| x86_64 | |
| cifs-utils-4.8.1-18.el6.x86_64.rpm | SHA-256: 0c341db41663d26bac604f21633fa0d34e6a2dd283b74a7e4d911a2ab646b34b |
| cifs-utils-debuginfo-4.8.1-18.el6.x86_64.rpm | SHA-256: 118da4e7c6c97890aaba3e80289216ca76f4b0fb7ce9c3c11d6cf28c05b01cbd |
| i386 | |
| cifs-utils-4.8.1-18.el6.i686.rpm | SHA-256: 28c5759f31be46281ba53be9d7c7786475dbd2224dfa0d5f7a73a904558d6081 |
| cifs-utils-debuginfo-4.8.1-18.el6.i686.rpm | SHA-256: c49c421214ec50a16c2edc01e78e9baf4eed39956134e9ce7be6955a0bae3fad |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
| SRPM | |
|---|---|
| cifs-utils-4.8.1-18.el6.src.rpm | SHA-256: 6cf92c15e4e27c142006d673c2836d9a4f6ec40e719b5868f03451a7493b5001 |
| s390x | |
| cifs-utils-4.8.1-18.el6.s390x.rpm | SHA-256: 8ba28152649fe9dfd9c8e0eef9022da56e44384d6b587db26e6381d12525b4d7 |
| cifs-utils-debuginfo-4.8.1-18.el6.s390x.rpm | SHA-256: 41560aae5e75f6ff5612f65c869fbbb72fb2cf5e806965aa1964b8390c1d6497 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.