ALSA-2026:39575

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:39575.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:39575
Related
  • CVE-2026-12505
Published
2026-07-15T00:00:00Z
Modified
2026-07-15T12:00:04.922383871Z
Summary
Important: cifs-utils security, bug fix, and enhancement update
Details

The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a SMB/CIFS share onto a client and use it as if it were a standard Linux file system.

Security Fix(es):

  • cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall (CVE-2026-12505)

Bug Fix(es) and Enhancement(s):

  • add sssd method for mapping SID to UID/GID in man page of mount.cifs [almalinux-8.10.z] (JIRA:AlmaLinux-41059)
  • Update the mount.cifs man page to match the 3*echo_interval reconnection timeout (JIRA:AlmaLinux-80397)
  • cifs-utils: regression with kerberos mount [almalinux-8.10.z] (JIRA:AlmaLinux-192933)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / cifs-utils

Package

Name
cifs-utils
Purl
pkg:rpm/almalinux/cifs-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0-5.el8_10

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:39575.json"

AlmaLinux:8 / cifs-utils-devel

Package

Name
cifs-utils-devel
Purl
pkg:rpm/almalinux/cifs-utils-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0-5.el8_10

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:39575.json"

AlmaLinux:8 / pam_cifscreds

Package

Name
pam_cifscreds
Purl
pkg:rpm/almalinux/pam_cifscreds

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0-5.el8_10

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:39575.json"