Update08/10/2025

USN-7688-1: cifs-utils vulnerabilities

Ubuntu Desktop
Canonical

USN-7688-1: cifs-utils vulnerabilities
Publication date: 7 August 2025
Overview: Several security issues were fixed in cifs-utils.
Releases: 16.04 LTS , 14.04 LTS

Packages
cifs-utils - Common Internet File System utilities

Details
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. (CVE-2020-14342)

It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. (CVE-2021-20208)

It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)

It was discovered that cifs-utils incorrectly handled verbose logging. A
local attacker could possibly use this issue to obtain sensitive
information. (CVE-2022-29869)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

16.04 xenial cifs-utils – 2:6.4-1ubuntu1.1+esm1
14.04 trusty cifs-utils – 2:6.0-1ubuntu2+esm1