-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 The OpenAFS Security Team is pleased to announce the availability of OpenAFS version 1.6.20 for UNIX/Linux. Source files can be accessed via the web at:
https://www.openafs.org/dl/openafs/1.6.20/ or via AFS at: /afs/grand.central.org/software/openafs/1.6.20/ \\afs\grand.central.org\software\openafs\1.6.20\ There are no binaries yet. Those will be uploaded as they become available. OpenAFS 1.6.20 is the next in the current series of stable releases of OpenAFS for all platforms except Microsoft Windows. This release fixes the vulnerability tracked as OPENAFS-SA-2016-003. OPENAFS-SA-2016-003: Directory information (file/directory names, etc.) leakage over the network due to buffer reuse without zeroing For more details please see https://dl.openafs.org/dl/1.6.20/RELNOTES-1.6.20 https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt Bug reports should be filed to [email protected]. ACKNOWLEDGEMENTS OPENAFS-SA-2016-003 was reported by Mark Vitale Benjamin Kaduk OpenAFS Security Officer -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQGgBAEBCgAGBQJYP3i7AAoJECjZpvNk63USd8wMHiY+7TFn6VYOYurdj6LqEMij tZgGjDQNbcYqhhWr6/aEl9p7gMgZRhy9G/6NSM5P5kShVkj9S8P6GGArfTeMFOsu vKaJl4Dvmcn55Uh+ENOcWt2E4aINTLwVNeSe2fvt4w7wQzxZ+jtHbVFdlm8tCSiz aePx4H7pv0aYwDhnPO7yyN0ifUgbNUZCSUgN3lemJuX3lHavXI2lOZPJ9ze76o3d EXm35rrgOWOMpLAr8VkZLwm3oxp5QUNSX1Tbq2XwOhTnpdf5uqYChsisU3bxxq+k Hyl2BF907uzNTCe9kQaeGjtrmCIAsibZMv2VaH2oF8iKrd/ovJ5gt7Vx0HJJrNjx RM2r/juVrdndD+iucTUGZtlhodVTP9Awe5vhlsyTxpIoqmAJdjK1vhW1jBgzEWA+ Be9gP5e25TkQXgFbS6WzIpgo3w3snjDtK8cxST3hOGSSuApyolk8kE1wGJF6V7fe kT21NqHpOvJTwjnQQNBX2d17vdxl6rAN8bujlHC1yu1jr5M= =FJn9 -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-announce mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-announce
