[Bug 1204195] Re: OpenAFS Security Advisories 2013-0003 and 2013-0004

Thu, 25 Jul 2013 10:02:24 -0700 

This bug was fixed in the package openafs - 1.4.12+dfsg-3+ubuntu0.3

---------------
openafs (1.4.12+dfsg-3+ubuntu0.3) lucid-security; urgency=high

  * SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell.
    vos -encrypt doesn't encrypt connection data.
    Buffer overflows which could cause a serverside denial of service.
    - Files changed:
        src/aklog/aklog_main.c
        src/aklog/klog.c
        src/auth/akimpersonate.c
        src/auth/akimpersonate.h
        src/auth/akimpersonate_v5gen.c
        src/auth/akimpersonate_v5gen.h
        src/auth/authcon.c
        src/auth/Makefile.in
        src/bozo/bosserver.c
        src/bozo/Makefile.in
        src/bucoord/Makefile.in
        src/budb/Makefile.in
        src/budb/server.c
        src/butc/Makefile.in
        src/cf/kerberos.m4
        src/config/Makefile.config.in
        src/fsprobe/Makefile.in
        src/kauth/Makefile.in
        src/libafsauthent/Makefile.in
        src/ptserver/Makefile.in
        src/ptserver/ptserver.c
        src/rxkad/Makefile.in
        src/rxkad/private_data.h
        src/rxkad/rxkad.p.h
        src/rxkad/rxkad_prototypes.h
        src/rxkad/rxkad_server.c
        src/rxkad/ticket5.c
        src/rxkad/ticket5_keytab.c
        src/scout/Makefile.in
        src/shlibafsauthent/Makefile.in
        src/shlibafsrpc/mapfile
        src/tbutc/Makefile.in
        src/tsm41/Makefile.in
        src/tviced/Makefile.in
        src/tvolser/Makefile.in
        src/update/Makefile.in
        src/update/server.c
        src/uss/Makefile.in
        src/util/dirpath.c
        src/util/dirpath.hin
        src/venus/Makefile.in
        src/viced/Makefile.in
        src/viced/viced.c
        src/vlserver/Makefile.in
        src/vlserver/vlserver.c
        src/volser/Makefile.in
        src/volser/volmain.c
    - Thanks to Chaskiel Grundman, Alexander Chernyakhovsky, and Ben Kaduk for
      the above fixes
    - OPENAFS-SA-2013-003
    - OPENAFS-SA-2013-004
    - CVE-2013-4134
    - CVE-2013-4135
    - LP: #1204195
 -- Luke Faraone <[email protected]>   Wed, 24 Jul 2013 18:07:21 -0400

** Changed in: openafs (Ubuntu Lucid)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1204195

Title:
  OpenAFS Security Advisories 2013-0003 and 2013-0004

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1204195/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to