Updated openafs packages fix security vulnerabilitiesPublication date: 02 Nov 2015
Affected Mageia releases : 5
CVE: CVE-2015-7762 , CVE-2015-7763
Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx before version 1.6.14 includes a variable-length padding at the end of the ACK packet, in an attempt to detect the path MTU, but only four octets of the additional padding are initialized (CVE-2015-7763).