[ubuntu/trusty-security] openafs 1.6.7-1ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Nov 10 15:22:03 UTC 2015

openafs (1.6.7-1ubuntu1.1) trusty-security; urgency=low

  * SECURITY UPDATES (LP: #1513461):
    - CVE-2015-3282: Clear nvldbentry before sending on the wire
    - CVE-2015-3283: Use crypt for commands where spoofing could be a risk
    - CVE-2015-3284: Clear pioctl data interchange buffer before use
    - CVE-2015-3285: Use correct output buffer for FSCmd pioctl
    - CVE-2015-6587: Disable regex volume name processing in ListAttributesN2
    - CVE-2015-7762: Apply OPENAFS-SA-2015-007 "Tattletale" patch
    - CVE-2015-7763: Apply OPENAFS-SA-2015-007 "Tattletale" patch
    - OPENAFS-SA-2015-007.patch: Rx ACK packets leak plaintext of previous packets

Date: 2015-11-10 14:30:13.718480+00:00
Changed-By: Klas Mattsson <klas.mattsson at su.se>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list