openafs (1.6.13-1) unstable; urgency=high
* New upstream security release.
- OPENAFS-SA-2015-001 CVE-2015-3282: vos leaks stack data onto the wire
in the clear when creating vldb entries
- OPENAFS-SA-2015-002 CVE-2015-3283: bos commands can be spoofed,
including some which alter server state
- OPENAFS-SA-2015-003 CVE-2015-3284: pioctls leak kernel memory contents
- OPENAFS-SA-2015-004 CVE-2015-3285: kernel pioctl support for OSD
command passing can trigger a panic
- OPENAFS-SA02015-005 CVE 2015-3286 is Solaris-specific and did not
affect Debian
- OPENAFS-SA-2015-006: buffer overflow in vlserver
* Also includes changes from the upstream 1.6.12 release:
- Avoid database corruption if a database server is shut down and
brought up again quickly with an altered database
- Fix a potential buffer overflow in aklog
- Support for Linux kernels up to 4.1
- Avoid spurious EIO errors when writing large chunks of data to
mmapped files
Date: 2015-07-31 04:21:30.975592+00:00
Signed-By: Logan Rosen <[email protected]>
https://launchpad.net/ubuntu/+source/openafs/1.6.13-1
Sorry, changesfile not available.
--
Wily-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/wily-changes