The OpenAFS security team has been alerted to a critical security flaw impacting all implementations of Rx derived from the original Rx implementation from the Andrew Project's AFS-3. This flaw is not limited to the AFS protocol or OpenAFS; other applications that use the Rx RPC protocol are at risk if they use an Andrew-derived Rx implementation.
The vulnerabilities will be tracked via CVE-2015-7762 and CVE-2015-7763. We plan to release details of the vulnerability and patches at approximately 3 p.m. EDT on Wednesday October 28th. Binaries will follow as available. Jeffrey Altman OpenAFS Gatekeeper
signature.asc
Description: OpenPGP digital signature
