[ubuntu/lucid-updates] openafs 1.4.12+dfsg-3+ubuntu0.3 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jul 25 17:28:22 UTC 2013 

openafs (1.4.12+dfsg-3+ubuntu0.3) lucid-security; urgency=high

  * SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell.
    vos -encrypt doesn't encrypt connection data.
    Buffer overflows which could cause a serverside denial of service.
    - Files changed:
        src/aklog/aklog_main.c
        src/aklog/klog.c
        src/auth/akimpersonate.c
        src/auth/akimpersonate.h
        src/auth/akimpersonate_v5gen.c
        src/auth/akimpersonate_v5gen.h
        src/auth/authcon.c
        src/auth/Makefile.in
        src/bozo/bosserver.c
        src/bozo/Makefile.in
        src/bucoord/Makefile.in
        src/budb/Makefile.in
        src/budb/server.c
        src/butc/Makefile.in
        src/cf/kerberos.m4
        src/config/Makefile.config.in
        src/fsprobe/Makefile.in
        src/kauth/Makefile.in
        src/libafsauthent/Makefile.in
        src/ptserver/Makefile.in
        src/ptserver/ptserver.c
        src/rxkad/Makefile.in
        src/rxkad/private_data.h
        src/rxkad/rxkad.p.h
        src/rxkad/rxkad_prototypes.h
        src/rxkad/rxkad_server.c
        src/rxkad/ticket5.c
        src/rxkad/ticket5_keytab.c
        src/scout/Makefile.in
        src/shlibafsauthent/Makefile.in
        src/shlibafsrpc/mapfile
        src/tbutc/Makefile.in
        src/tsm41/Makefile.in
        src/tviced/Makefile.in
        src/tvolser/Makefile.in
        src/update/Makefile.in
        src/update/server.c
        src/uss/Makefile.in
        src/util/dirpath.c
        src/util/dirpath.hin
        src/venus/Makefile.in
        src/viced/Makefile.in
        src/viced/viced.c
        src/vlserver/Makefile.in
        src/vlserver/vlserver.c
        src/volser/Makefile.in
        src/volser/volmain.c
    - Thanks to Chaskiel Grundman, Alexander Chernyakhovsky, and Ben Kaduk for
      the above fixes
    - OPENAFS-SA-2013-003
    - OPENAFS-SA-2013-004
    - CVE-2013-4134
    - CVE-2013-4135
    - LP: #1204195

Date: 2013-07-24 23:54:13.700302+00:00
Changed-By: Luke Faraone <luke at faraone.cc>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/lucid/+source/openafs/1.4.12+dfsg-3+ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.

More information about the Lucid-changes mailing list