Control: retitle -1 openafs: CVE-2017-17432: OPENAFS-SA-2017-001: Rx assertion
failure from insufficient input validation
Hi Ben,
On Tue, Dec 05, 2017 at 10:01:14AM -0600, Benjamin Kaduk wrote:
> Source: openafs
> Version: 1.6.1-3+deb7u7
> Tags: security upstream fixed-upstream pending
> Severity: important
>
> Upstream OpenAFS released security advisory OPENAFS-SA-2017-001
> today; insufficient validation of data contained in Rx ack packets
> leads to the use of an invalid MTU value, ultimately leading to an
> assertion failure and application crash or kernel BUG.
This issue has been assigned CVE-2017-17432. Can you foward this
information to upstream?
Regards,
Salvatore