Format: 1.8
Date: Wed, 24 Jul 2013 11:16:48 -0400
Source: openafs
Binary: openafs-client openafs-fuse openafs-kpasswd openafs-fileserver openafs-dbserver openafs-doc openafs-krb5 libkopenafs1 libafsauthent1 libafsrpc1 libopenafs-dev openafs-modules-source openafs-modules-dkms libpam-openafs-kaserver openafs-dbg
Architecture: armel
Version: 1.6.1-2+ubuntu2.1
Distribution: quantal
Urgency: high
Maintainer: Ubuntu/armhf Build Daemon
Changed-By: Luke Faraone
Description:
 libafsauthent1 - AFS distributed file system runtime library (authentication)
 libafsrpc1 - AFS distributed file system runtime library (RPC layer)
 libkopenafs1 - AFS distributed file system runtime library (PAGs)
 libopenafs-dev - AFS distributed filesystem development libraries
 libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module
 openafs-client - AFS distributed filesystem client support
 openafs-dbg - AFS distributed filesystem debugging information
 openafs-dbserver - AFS distributed filesystem database server
 openafs-doc - AFS distributed filesystem documentation
 openafs-fileserver - AFS distributed filesystem file server
 openafs-fuse - AFS distributed file system experimental FUSE client
 openafs-kpasswd - AFS distributed filesystem old password changing
 openafs-krb5 - AFS distributed filesystem Kerberos 5 integration
 openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source
 openafs-modules-source - AFS distributed filesystem kernel module source
Launchpad-Bugs-Fixed: 1145560 1204195
Changes:
 openafs (1.6.1-2+ubuntu2.1) quantal-security; urgency=high
 .
   * SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell.
     vos -encrypt doesn't encrypt connection data. Buffer overflows which
     could cause a serverside denial of service.
     - openafs-sa-2013-001.patch: Fix fileserver buffer overflow when parsing
       client-supplied ACL entries and protect against client parsing of bad
       ACL entries. Thanks to Nickolai Zeldovich.
     - openafs-sa-2013-002.patch: Fix ptserver buffer overflow via integer
       overflow in the IdToName RPC. Thanks to Nickolai Zeldovich.
     - 0001-Add-rxkad-server-hook-function-to-decrypt-more-types.patch
     - 0002-New-optional-rxkad-functionality-for-decypting-krb5-.patch
     - 0003-Integrate-keytab-based-decryption-into-afsconf_Build.patch
     - 0004-Derive-DES-fcrypt-session-key-from-other-key-types.patch
     - 0005-Move-akimpersonate-to-libauth.patch
     - 0006-Clean-up-akimpersonate-and-use-for-server-to-server.patch
     - 0007-auth-Do-not-always-fallback-to-noauth.patch
     - 0008-Avoid-calling-afsconf_GetLatestKey-directly.patch
     - 0009-Reload-rxkad.keytab-on-CellServDB-modification.patch
     - 0010-Add-support-for-deriving-DES-keys-to-klog.krb5.patch
     - 0011 skipped because it was a version bump
     - 0012-ubik-Fix-encryption-selection-in-ugen.patch
     - Thanks to Chaskiel Grundman, Alexander Chernyakhovsky, Ben Kaduk,
       Andrew Deason, and Michael Meffie for the above patch series.
     - swap-libs.patch: Resolve FTBFS with newer toolchains. Thanks to
       Anders Kaseorg.
     - OPENAFS-SA-2013-001
     - OPENAFS-SA-2013-002
     - OPENAFS-SA-2013-003
     - OPENAFS-SA-2013-004
     - CVE-2013-1794
     - CVE-2013-1795
     - CVE-2013-4134
     - CVE-2013-4135
     - LP: #1145560
     - LP: #1204195
   * Remove debian/source/options, which previously force-collapsed the above
     patches into one debian/patches/debian-changes and caused confusing
     patch failures later. Thanks to Colin Watson for help with debugging
     and to Seth Arnold for identifying the failure.
Original-Maintainer: Russ Allbery