UbuntuUpdates.org

Package "openafs-modules-source"

Name: openafs-modules-source

Description:

AFS distributed filesystem kernel module source

Latest version: 1.6.7-1ubuntu1.1
Release: trusty (14.04)
Level: security
Repository: universe
Head package: openafs
Homepage: http://www.openafs.org/

Links


Download "openafs-modules-source"


Other versions of "openafs-modules-source" in Trusty

Repository Area Version
base universe 1.6.7-1
updates universe 1.6.7-1ubuntu1.1

Changelog

Version: 1.6.7-1ubuntu1.1 2015-11-10 17:06:33 UTC

  openafs (1.6.7-1ubuntu1.1) trusty-security; urgency=low

  * SECURITY UPDATES (LP: #1513461):
    - CVE-2015-3282: Clear nvldbentry before sending on the wire
    - CVE-2015-3283: Use crypt for commands where spoofing could be a risk
    - CVE-2015-3284: Clear pioctl data interchange buffer before use
    - CVE-2015-3285: Use correct output buffer for FSCmd pioctl
    - CVE-2015-6587: Disable regex volume name processing in ListAttributesN2
    - CVE-2015-7762: Apply OPENAFS-SA-2015-007 "Tattletale" patch
    - CVE-2015-7763: Apply OPENAFS-SA-2015-007 "Tattletale" patch
    - OPENAFS-SA-2015-007.patch: Rx ACK packets leak plaintext of previous packets

 -- Klas Mattsson Tue, 10 Nov 2015 08:03:52 +0100

1513461 OPENAFS-SA-2015-007 \
CVE-2015-3282 vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
CVE-2015-3283 OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
CVE-2015-3284 pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
CVE-2015-3285 The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to ca
CVE-2015-6587 The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted reg
CVE-2015-7762 rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowl
CVE-2015-7763 rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx ackno



About   -   Send Feedback to @ubuntu_updates