- Issued:
- 2013-02-20
- Updated:
- 2013-02-20
RHBA-2013:0408 - cifs-utils bug fix and enhancement update
Synopsis
cifs-utils bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated cifs-utils packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
Description
The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. This package contains tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a SMB/CIFS share onto a client and use it as if it were a standard Linux file system.
This update fixes the following bugs:
-
When the mount.cifs utility ran out of addresses to try, it returned the "System error" error code (EX_SYSERR) to the caller service. The utility has been modified and it now correctly returns the "Mount failure" error code (EX_FAIL). (BZ#856729)
-
Typically, "/" characters are not allowed in user names for Microsoft Windows systems, but they are common in certain types of kerberos principal names. However, mount.cifs previously allowed the use of "/" in user names, which caused attempts to mount CIFS file systems to fail. With this package, "/" characters are now allowed in user names if the "sec=krb5" or "sec=krb5i" mount options are specified, thus CIFS file systems can now be mounted as expected. (BZ#826825)
-
Previously, the cifs-utils packages were compiled without the RELRO (read-only relocations) and PIE (Position Independent Executables) flags. Programs provided by this package could be vulnerable to various attacks based on overwriting the ELF section of a program. The "-pie" and "-fpie" options enable the building of position-independent executables, and the "-Wl","-z","relro" turns on read-only relocation support in gcc. These options are important for security purposes to guard against possible buffer overflows that lead to exploits. The cifs-utils binaries are now built with PIE and full RELRO support. The cifs-utils binary is now more secured against "return-to-text" and memory corruption attacks and also against attacks based on the program's ELF section overwriting. (BZ#838606)
In addition, this update adds the following enhancements:
-
With this update, the "strictcache", "actimeo", "cache=" and "rwpidforward" mount options are now documented in the mount.cifs(8) manual page. (BZ#843596)
-
The "getcifsacl", "setcifsacl" and "cifs.idmap" programs have been added to the package. These utilities allow users to manipulate ACLs on CIFS shares and allow the mapping of Windows security IDs to POSIX user and group IDs. (BZ#843612)
-
With this update, the cifs.idmap helper, which allows SID to UID and SID to GID mapping, has been added to the package. Also, the manual page cifs.upcall(8) has been updated and cifs.idmap(8) has been added. (BZ#843617)
Users of cifs-utils are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- cifs-utils-4.8.1-18.el6.x86_64.rpm
- cifs-utils-4.8.1-18.el6.src.rpm
- cifs-utils-debuginfo-4.8.1-18.el6.ppc64.rpm
- cifs-utils-debuginfo-4.8.1-18.el6.x86_64.rpm
- cifs-utils-debuginfo-4.8.1-18.el6.i686.rpm
- cifs-utils-debuginfo-4.8.1-18.el6.s390x.rpm
- cifs-utils-4.8.1-18.el6.s390x.rpm
- cifs-utils-4.8.1-18.el6.i686.rpm
- cifs-utils-4.8.1-18.el6.ppc64.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.