Updated openafs packages fix security vulnerabilityPublication date: 02 Feb 2017
Affected Mageia releases : 5
Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is physically visible on the fileserver vice partition, on the wire in FetchData replies and other RPCs, and on the client cache partition. This constitutes a leak of directory information (CVE-2016-9772). The openafs package has been updated to version 1.6.20, to fix this issue and other bugs.