[Bug 356861] Re: OpenAFS Security Advisories 2009-001 and 2009-002

Thu Apr 16 19:48:27 BST 2009

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are new debdiffs for Dapper, Hardy, and Intrepid - I wanted to
add the openafs-client.NEWS changes for Dapper and Intrepid to make
sure that people were notified to rebuild their kernel modules.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknnfXoACgkQ8mayMfLWcrCsZwCfe0s0sI1nBEloDEm8on283Y0p
Zp4An09wkuBcH4+KJJUFkhKymlVUII/Q
=eJFd
-----END PGP SIGNATURE-----

** Attachment added: "openafs_1.4.1-2+ubuntu0.1.debdiff"
   http://launchpadlibrarian.net/25552980/openafs_1.4.1-2%2Bubuntu0.1.debdiff

** Attachment added: "openafs_1.4.6.dfsg1-2+ubuntu0.1.debdiff"
   http://launchpadlibrarian.net/25552981/openafs_1.4.6.dfsg1-2%2Bubuntu0.1.debdiff

** Attachment added: "openafs_1.4.7.dfsg1-6+ubuntu0.1.debdiff"
   http://launchpadlibrarian.net/25552982/openafs_1.4.7.dfsg1-6%2Bubuntu0.1.debdiff

** Description changed:

  To fix this for...

- Dapper: http://launchpadlibrarian.net/25541052/openafs_1.4.1-2%2Bubuntu0.1.debdiff
+ Dapper: http://launchpadlibrarian.net/25552980/openafs_1.4.1-2%2Bubuntu0.1.debdiff
  This additionally fixes OPENAFS-SA-2007-003 (aka CVE-2007-6599 aka bug #180792) and OPENAFS-SA-2007-001 (aka CVE-2007-1507 aka bug #94787)

  Hardy:
- http://launchpadlibrarian.net/25466938/openafs_1.4.6.dfsg1-2%2Bubuntu0.1.debdiff
+ http://launchpadlibrarian.net/25552981/openafs_1.4.6.dfsg1-2%2Bubuntu0.1.debdiff

- Intrepid: Sync 1.4.7.dfsg1-6+lenny1 from Debian Lenny.
- (debdiff for reference: http://launchpadlibrarian.net/25541427/openafs_1.4.7.dfsg1-6%2Blenny1.debdiff)
+ Intrepid:
+ http://launchpadlibrarian.net/25552982/openafs_1.4.7.dfsg1-6%2Bubuntu0.1.debdiff

  Jaunty: http://web.mit.edu/andersk/Public/openafs/openafs_1.4.9.dfsg1-0+ubuntu1.dsc
  (debdiff for reference: http://web.mit.edu/andersk/Public/openafs/openafs_1.4.8.dfsg1-3_1.4.9.dfsg1-0+ubuntu1.debdiff )

  ===

  Two security advisories released today affect all versions of OpenAFS from 1.0 through 1.4.8.  They have both been corrected in the simultaneous release of 1.4.9 (which only fixes these two issues over 1.4.8) and 1.4.10 (which also includes other bugfixes).  Release announcement:
  <http://lists.openafs.org/pipermail/openafs-announce/2009/000285.html>

  OPENAFS-SA-2009-001 - Network based buffer overflow attack against Unix cache manager
  <http://www.openafs.org/security/OPENAFS-SA-2009-001.txt>
  AFS's XDR data marshalling language permits the construction of arrays with a size constrained by the interface definition. The XDR decoding language will accept data from the server up to this maximum size, which in some cases is stored into a buffer allocated by the client. In several locations, the AFS client assumes that the server will never return more data than requested, and so allocates a buffer smaller than this maximum size. Whilst this causes no problems when communicating with valid servers, an attacker can return more data than expected, and overflow the client's buffer.

  OPENAFS-SA-2009-002 - Denial of service attack against Linux cache manager
  <http://www.openafs.org/security/OPENAFS-SA-2009-002.txt>
  AFS may pass an error code obtained from the fileserver directly to the Linux kernel, using a Linux mechanism that merges error codes and pointers into a single value. However, this mechanism is unable to distinguish certain error codes from pointers. When AFS returns a code of this type to the kernel, the kernel treats it as a pointer and attempts to dereference it. This causes a kernel panic, and results in a denial of service attack.

** Changed in: openafs (Ubuntu Intrepid)
       Status: Incomplete => In Progress

-- 
OpenAFS Security Advisories 2009-001 and 2009-002
https://bugs.launchpad.net/bugs/356861
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.