[ubuntu/lucid-security] openafs 1.4.12+dfsg-3+ubuntu0.3 (Accepted)
Seth Arnold
seth.arnold at canonical.com
Thu Jul 25 16:55:26 UTC 2013
openafs (1.4.12+dfsg-3+ubuntu0.3) lucid-security; urgency=high
* SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell.
vos -encrypt doesn't encrypt connection data.
Buffer overflows which could cause a serverside denial of service.
- Files changed:
src/aklog/aklog_main.c
src/aklog/klog.c
src/auth/akimpersonate.c
src/auth/akimpersonate.h
src/auth/akimpersonate_v5gen.c
src/auth/akimpersonate_v5gen.h
src/auth/authcon.c
src/auth/Makefile.in
src/bozo/bosserver.c
src/bozo/Makefile.in
src/bucoord/Makefile.in
src/budb/Makefile.in
src/budb/server.c
src/butc/Makefile.in
src/cf/kerberos.m4
src/config/Makefile.config.in
src/fsprobe/Makefile.in
src/kauth/Makefile.in
src/libafsauthent/Makefile.in
src/ptserver/Makefile.in
src/ptserver/ptserver.c
src/rxkad/Makefile.in
src/rxkad/private_data.h
src/rxkad/rxkad.p.h
src/rxkad/rxkad_prototypes.h
src/rxkad/rxkad_server.c
src/rxkad/ticket5.c
src/rxkad/ticket5_keytab.c
src/scout/Makefile.in
src/shlibafsauthent/Makefile.in
src/shlibafsrpc/mapfile
src/tbutc/Makefile.in
src/tsm41/Makefile.in
src/tviced/Makefile.in
src/tvolser/Makefile.in
src/update/Makefile.in
src/update/server.c
src/uss/Makefile.in
src/util/dirpath.c
src/util/dirpath.hin
src/venus/Makefile.in
src/viced/Makefile.in
src/viced/viced.c
src/vlserver/Makefile.in
src/vlserver/vlserver.c
src/volser/Makefile.in
src/volser/volmain.c
- Thanks to Chaskiel Grundman, Alexander Chernyakhovsky, and Ben Kaduk for
the above fixes
- OPENAFS-SA-2013-003
- OPENAFS-SA-2013-004
- CVE-2013-4134
- CVE-2013-4135
- LP: #1204195
Date: 2013-07-24 23:54:13.700302+00:00
Changed-By: Luke Faraone <luke at faraone.cc>
Signed-By: Seth Arnold <seth.arnold at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/openafs/1.4.12+dfsg-3+ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Lucid-changes
mailing list