Updated openafs packages fix security vulnerability
Publication date: 25 Mar 2016
Modification date: 06 May 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-2860, CVE-2016-4536
Description
In OpenAFS before 1.6.17, users from foreign Kerberos realms can create groups as if they were administrators (CVE-2016-2860). In OpenAFS before 1.6.17, uninitialized memory can leak information over the network (CVE-2016-4536).
References
- https://bugs.mageia.org/show_bug.cgi?id=18034
- http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt
- http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
- http://dl.openafs.org/dl/1.6.16/RELNOTES-1.6.16
- http://dl.openafs.org/dl/1.6.16/RELNOTES-1.6.17
- https://lists.openafs.org/pipermail/openafs-announce/2015/000495.html
- https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html
- http://openwall.com/lists/oss-security/2016/05/05/23
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2860
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4536
SRPMS
5/core
- openafs-1.6.17-1.mga5