On Apr 8, 2009, at 9:38 AM, Simon Wilkinson wrote:
[Mac OS X] 10.3 is affected. 10.4 and 10.5 are not.
Thanks for the clarification, Simon. As a follow-up, in the notice for
the Security Advisory 2009-001, it says:
FIXES
=====
The OpenAFS project recommends that administrators with Unix clients
upgrade to OpenAFS version 1.4.9 or newer, or as appropriate for
people
testing features in the OpenAFS 1.5 series, OpenAFS version 1.5.59
or newer.
Only Unix clients need to be upgraded to address the issue in this
advisory.
For those sites unable, or unwilling, to upgrade a patch which
resolves this
issue is available as
STABLE14-avoid-buffer-overflow-on-rx-fixed-size-array-
return-20090402
in the OpenAFS delta system, or directly from
http://www.openafs.org/security/openafs-sa-2009-001.patch
The corresponding PGP signature is available from
http://www.openafs.org/security/openafs-sa-2009-001.sig
Note that this patch is against 1.4.8, although it may apply to
earlier
releases, and to other branches.
Now that it's indicated Mac OS X 10.3 is affected, there appears to be
no tested patch, and no .pkg installer above 1.4.1. per <http://openafs.org/pages/macos.html#panther
>.
Suggestions?
Noah
-------------------
Noah Abrahamson
CRC Server Group
Stanford University
+1 (650) 736-4179
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
