Advisories » MGASA-2017-0037

Updated openafs packages fix security vulnerability

Publication date: 02 Feb 2017
Modification date: 02 Feb 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-9772

Description

Due to incomplete initialization or clearing of reused memory, OpenAFS
directory objects are likely to contain "dead" directory entry
information. This extraneous information is not active - that is, it is
logically invisible to the fileserver and client. However, the leaked
information is physically visible on the fileserver vice partition, on
the wire in FetchData replies and other RPCs, and on the client cache
partition. This constitutes a leak of directory information
(CVE-2016-9772).

The openafs package has been updated to version 1.6.20, to fix this
issue and other bugs.
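
A minimal model of the leak class described above, added here as an illustration; it is not OpenAFS code and not part of the original advisory. The page layout, function names and file names are constructed assumptions. It contrasts freeing a directory slot by clearing only its "live" bit with scrubbing the slot on free and on reuse.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 8
#define NAME_LEN 32

/* Simplified directory page: hypothetical layout, not the OpenAFS format. */
struct dir_page { uint8_t live; char name[SLOTS][NAME_LEN]; };

/* Without scrub only strlen+1 bytes are written; old tail bytes survive. */
static int dir_add(struct dir_page *p, const char *name, int scrub) {
    int i = 0;
    while (i < SLOTS && (p->live & (1u << i))) i++;
    if (i == SLOTS || strlen(name) >= NAME_LEN) return -1;
    if (scrub) memset(p->name[i], 0, NAME_LEN);
    memcpy(p->name[i], name, strlen(name) + 1);
    p->live |= (uint8_t)(1u << i);
    return i;
}

/* Without scrub only the live bit is cleared; the name bytes stay. */
static void dir_remove(struct dir_page *p, int slot, int scrub) {
    p->live &= (uint8_t)~(1u << slot);
    if (scrub) memset(p->name[slot], 0, NAME_LEN);
}

/* Logical view: what a lookup through the live bitmap can see. */
static int dir_lookup(const struct dir_page *p, const char *name) {
    for (int i = 0; i < SLOTS; i++)
        if ((p->live & (1u << i)) && strcmp(p->name[i], name) == 0) return i;
    return -1;
}

/* Physical view: the raw bytes that would be stored or sent. */
static int raw_contains(const struct dir_page *p, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= sizeof *p; i++)
        if (memcmp((const char *)p + i, needle, n) == 0) return 1;
    return 0;
}

/* Add and delete a constructed name, reuse its slot; 1 = dead name leaks. */
static int leaks_dead_entry(int scrub) {
    struct dir_page p = {0};
    dir_remove(&p, dir_add(&p, "q4-layoffs.txt", scrub), scrub);
    dir_add(&p, "a", scrub);
    return dir_lookup(&p, "q4-layoffs.txt") < 0 && raw_contains(&p, "layoffs");
}

int main(void) { printf("%d %d\n", leaks_dead_entry(0), leaks_dead_entry(1)); return 0; }
```

In the unscrubbed run the deleted name cannot be looked up, yet a fragment of it remains in the raw page even after the slot is reused for a shorter name.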
                

References

SRPMS

5/core