Ubuntu

“openafs” 1.6.1-1+ubuntu0.2 source package in Ubuntu

Changelog

openafs (1.6.1-1+ubuntu0.2) precise-security; urgency=low

  * SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell.
    vos -encrypt doesn't encrypt connection data.
    Buffer overflows which could cause a serverside denial of service.
    - openafs-sa-2013-001.patch: Fix fileserver buffer overflow when parsing
      client-supplied ACL entries and protect against client parsing of
      bad ACL entries. Thanks to Nickolai Zeldovich.
    - openafs-sa-2013-002.patch: Fix ptserver buffer overflow via integer
      overflow in the IdToName RPC. Thanks to Nickolai Zeldovich
    - 0001-Add-rxkad-server-hook-function-to-decrypt-more-types.patch
    - 0002-New-optional-rxkad-functionality-for-decypting-krb5-.patch
    - 0003-Integrate-keytab-based-decryption-into-afsconf_Build.patch
    - 0004-Derive-DES-fcrypt-session-key-from-other-key-types.patch
    - 0005-Move-akimpersonate-to-libauth.patch
    - 0006-Clean-up-akimpersonate-and-use-for-server-to-server.patch
    - 0007-auth-Do-not-always-fallback-to-noauth.patch
    - 0008-Avoid-calling-afsconf_GetLatestKey-directly.patch
    - 0009-Reload-rxkad.keytab-on-CellServDB-modification.patch
    - 0010-Add-support-for-deriving-DES-keys-to-klog.krb5.patch
    - 0011 skipped because it was a version bump
    - 0012-ubik-Fix-encryption-selection-in-ugen.patch
    - Thanks to Chaskiel Grundman, Alexander Chernyakhovsky, Ben Kaduk,
        Andrew Deason, and Michael Meffie for the above patch series.
    - swap-libs.patch: Resolve FTBFS with newer toolchains. Thanks to Anders
        Kaseorg.
    - OPENAFS-SA-2013-001
    - OPENAFS-SA-2013-002
    - OPENAFS-SA-2013-003
    - OPENAFS-SA-2013-004
    - CVE-2013-1794
    - CVE-2013-1795
    - CVE-2013-4134
    - CVE-2013-4135
    - LP: #1145560
    - LP: #1204195
 -- Luke Faraone <email address hidden>   Tue, 23 Jul 2013 21:11:02 -0400

Upload details

Uploaded by:
Luke Faraone on 2013-07-24
Sponsored by:
Seth Arnold
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
alpha amd64 arm armel armhf i386 ia64 powerpc powerpcspe ppc64 s390 s390x sparc lpia all
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
openafs_1.6.1.orig.tar.gz 8.7 MiB cdcbad3987be21f4705ff27b38ad683d
openafs_1.6.1-1+ubuntu0.2.debian.tar.gz 185.6 KiB 746debb702279e52616d070637d0f355
openafs_1.6.1-1+ubuntu0.2.dsc 2.6 KiB 664d24832fb782a48a2fbca66a40f79e

Binary packages built by this source

libafsauthent1: AFS distributed file system runtime library (authentication)

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides the shared library implementing AFS client
 authentication and token management.

libafsrpc1: AFS distributed file system runtime library (RPC layer)

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides the shared library implementing the Rx protocol and
 other AFS RPC functionality.

libkopenafs1: AFS distributed file system runtime library (PAGs)

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides the shared library implementing an interface to
 manipulating AFS process authentication groups (PAGs). It provides the
 a subset of the interface provided by the Heimdal libkafs library.

libopenafs-dev: AFS distributed filesystem development libraries

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides static development libraries and headers
 needed to compile AFS applications.

libpam-openafs-kaserver: AFS distributed filesystem kaserver PAM module

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides a PAM module for existing sites using the AFS
 kaserver for authentication. New sites should use a Kerberos v5
 implementation, a Kerberos v5 PAM module such as libpam-krb5, and
 libpam-afs-session.

openafs-client: AFS distributed filesystem client support

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides basic client support to mount and manipulate
 AFS. If your site uses Kerberos v5 authentication for AFS, you will also
 want to install openafs-krb5.

openafs-dbg: AFS distributed filesystem debugging information

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package contains the debugging information for the OpenAFS
 server binaries (the openafs-fileserver and openafs-dbserver packages).

openafs-dbserver: AFS distributed filesystem database server

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides AFS database server binaries. It should be
 installed on the servers that will act as volume location and
 protection servers.

openafs-doc: AFS distributed filesystem documentation

 AFS is a distributed filesystem allowing cross-platform sharing of files
 among multiple computers. Facilities are provided for access control,
 authentication, backup and administrative management.
 .
 This package contains the OpenAFS user's and reference manuals, some
 protocol documentation, and other OpenAFS documentation.

openafs-fileserver: AFS distributed filesystem file server

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides the AFS fileserver binaries. It should be
 installed on any machine that will export files into AFS.

openafs-fuse: AFS distributed file system experimental FUSE client

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides an experimental FUSE implementation of the AFS
 client as afsd.fuse. This currently only provides read-only access to
 AFS, doesn't work with all of the normal AFS client programs, and must be
 started manually, but may be of interest in situations where read-only
 access is sufficient and the kernel module cannot be built.

openafs-kpasswd: AFS distributed filesystem old password changing

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides kpasswd and kas, utilities needed by the OpenAFS
 kaserver to create users and change passwords. Only install this package
 if you are already using kaserver; generally you should not install this
 package for new cells or for cells using Kerberos v5.

openafs-krb5: AFS distributed filesystem Kerberos 5 integration

 AFS is a distributed filesystem allowing cross-platform sharing of files
 among multiple computers. Facilities are provided for access control,
 authentication, backup and administrative management.
 .
 This package provides aklog, a utility for authenticating to AFS using
 Kerberos 5. It also provides asetkey, a utility to set AFS server keys
 from a Kerberos keytab, and ka-forwarder, a utility to forward kaserver
 requests to a KDC using fakeka.

openafs-modules-dkms: AFS distributed filesystem kernel module DKMS source

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package contains the source for the AFS kernel module, packaged with
 appropriate configuration for DKMS to build new modules dynamically.

openafs-modules-source: AFS distributed filesystem kernel module source

 AFS is a distributed filesystem allowing cross-platform sharing of
 files among multiple computers. Facilities are provided for access
 control, authentication, backup and administrative management.
 .
 This package provides the source to the AFS kernel module in a form
 suitable for use by module-assistant or kernel-package.