Comment 16 for bug 1204195

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openafs - 1.4.12+dfsg-3+ubuntu0.3

---------------
openafs (1.4.12+dfsg-3+ubuntu0.3) lucid-security; urgency=high

  * SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell.
    vos -encrypt doesn't encrypt connection data.
    Buffer overflows which could cause a serverside denial of service.
    - Files changed:
        src/aklog/aklog_main.c
        src/aklog/klog.c
        src/auth/akimpersonate.c
        src/auth/akimpersonate.h
        src/auth/akimpersonate_v5gen.c
        src/auth/akimpersonate_v5gen.h
        src/auth/authcon.c
        src/auth/Makefile.in
        src/bozo/bosserver.c
        src/bozo/Makefile.in
        src/bucoord/Makefile.in
        src/budb/Makefile.in
        src/budb/server.c
        src/butc/Makefile.in
        src/cf/kerberos.m4
        src/config/Makefile.config.in
        src/fsprobe/Makefile.in
        src/kauth/Makefile.in
        src/libafsauthent/Makefile.in
        src/ptserver/Makefile.in
        src/ptserver/ptserver.c
        src/rxkad/Makefile.in
        src/rxkad/private_data.h
        src/rxkad/rxkad.p.h
        src/rxkad/rxkad_prototypes.h
        src/rxkad/rxkad_server.c
        src/rxkad/ticket5.c
        src/rxkad/ticket5_keytab.c
        src/scout/Makefile.in
        src/shlibafsauthent/Makefile.in
        src/shlibafsrpc/mapfile
        src/tbutc/Makefile.in
        src/tsm41/Makefile.in
        src/tviced/Makefile.in
        src/tvolser/Makefile.in
        src/update/Makefile.in
        src/update/server.c
        src/uss/Makefile.in
        src/util/dirpath.c
        src/util/dirpath.hin
        src/venus/Makefile.in
        src/viced/Makefile.in
        src/viced/viced.c
        src/vlserver/Makefile.in
        src/vlserver/vlserver.c
        src/volser/Makefile.in
        src/volser/volmain.c
    - Thanks to Chaskiel Grundman, Alexander Chernyakhovsky, and Ben Kaduk for
      the above fixes
    - OPENAFS-SA-2013-003
    - OPENAFS-SA-2013-004
    - CVE-2013-4134
    - CVE-2013-4135
    - LP: #1204195
 -- Luke Faraone <email address hidden> Wed, 24 Jul 2013 18:07:21 -0400