Advisories ยป MGASA-2017-0037

Updated openafs packages fix security vulnerability

Publication date: 02 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9772


Due to incomplete initialization or clearing of reused memory, OpenAFS
directory objects are likely to contain "dead" directory entry
information. This extraneous information is not active - that is, it is
logically invisible to the fileserver and client. However, the leaked
information is physically visible on the fileserver vice partition, on
the wire in FetchData replies and other RPCs, and on the client cache
partition. This constitutes a leak of directory information

The openafs package has been updated to version 1.6.20, to fix this
issue and other bugs.