Advisories ยป MGASA-2015-0424

Updated openafs packages fix security vulnerabilities

Publication date: 02 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7762 , CVE-2015-7763


Updated openafs packages fix security vulnerabilities:

When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx
implementations do not initialize three octets of data that are padding
in the C language structure and were inadvertently included in the wire
protocol (CVE-2015-7762).

Additionally, OpenAFS Rx before version 1.6.14 includes a variable-length
padding at the end of the ACK packet, in an attempt to detect the path MTU,
but only four octets of the additional padding are initialized