{"id":"USN-8496-2","summary":"cifs-utils regression","details":"USN-8496-1 fixed a vulnerability in cifs-utils. Unfortunately, the fix\nintroduced a regression with Kerberos mounts. This update reverts the\nsecurity update until a complete fix is available.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that cifs-utils incorrectly dropped root privileges\n before looking up user information. A local attacker could possibly use\n this issue to execute arbitrary code as the root user.","modified":"2026-07-04T02:00:06.067223032Z","published":"2026-07-03T18:49:32Z","related":["UBUNTU-CVE-2026-12505"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8496-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/2159053"}],"affected":[{"package":{"name":"cifs-utils","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/cifs-utils?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:6.14-1ubuntu0.5"}]}],"versions":["2:6.11-3.1","2:6.14-1","2:6.14-1build1","2:6.14-1ubuntu0.1","2:6.14-1ubuntu0.2","2:6.14-1ubuntu0.3","2:6.14-1ubuntu0.4"],"ecosystem_specific":{"binaries":[{"binary_name":"cifs-utils","binary_version":"2:6.14-1ubuntu0.5"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8496-2.json"}},{"package":{"name":"cifs-utils","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/cifs-utils?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.0-2ubuntu0.4"}]}],"versions":["2:7.0-2","2:7.0-2build1","2:7.0-2ubuntu0.1","2:7.0-2ubuntu0.2","2:7.0-2ubuntu0.3"],"ecosystem_specific":{"binaries":[{"binary_name":"cifs-utils","binary_version":"2:7.0-2ubuntu0.4"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8496-2.json"}},{"package":{"name":"cifs-utils","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/cifs-utils?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4-1ubuntu0.25.10.2"}]}],"versions":["2:7.2-2","2:7.3-1","2:7.4-1","2:7.4-1ubuntu0.25.10.1"],"ecosystem_specific":{"binaries":[{"binary_name":"cifs-utils","binary_version":"2:7.4-1ubuntu0.25.10.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8496-2.json"}},{"package":{"name":"cifs-utils","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/cifs-utils?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4-1ubuntu0.26.04.2"}]}],"versions":["2:7.4-1","2:7.4-1build1","2:7.4-1ubuntu0.26.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"cifs-utils","binary_version":"2:7.4-1ubuntu0.26.04.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:26.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8496-2.json"}}],"schema_version":"1.7.5"}