To: [email protected]Subject: [ MDVSA-2008:207 ] openafs
Date: Mon, 29 Sep 2008 15:00:00 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1KkPqa-0002oO-M9@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:207
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openafs
Date : September 29, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote
attackers to cause a denial of service (daemon crash) by simultaneously
acquiring and giving back file callbacks (CVE-2007-6559).
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6559
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
5cfed2da74437280e139bd9a37b99a27 2007.1/i586/dkms-libafs-1.4.2-3.1mdv2007.1.i586.rpm
ce10b8248835c3c2f204d3316bde628d 2007.1/i586/libopenafs1-1.4.2-3.1mdv2007.1.i586.rpm
a2c32eaa669fa364bf57988bf37e2a0e 2007.1/i586/libopenafs1-devel-1.4.2-3.1mdv2007.1.i586.rpm
d0f2303b30ab06ec269f2aa47344adb7 2007.1/i586/openafs-1.4.2-3.1mdv2007.1.i586.rpm
2db7adc9de4e14fc46242443d187c3c5 2007.1/i586/openafs-client-1.4.2-3.1mdv2007.1.i586.rpm
2c309a5d6e3dfb4b80a75020403738ec 2007.1/i586/openafs-doc-1.4.2-3.1mdv2007.1.i586.rpm
8ecb2c606b6d14652faf0d622bdb7d47 2007.1/i586/openafs-server-1.4.2-3.1mdv2007.1.i586.rpm
347d09eeb8161a41cde69cdeb0cd806e 2007.1/SRPMS/openafs-1.4.2-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
bdb3839cfe0fc276aa7555eba6be98fb 2007.1/x86_64/dkms-libafs-1.4.2-3.1mdv2007.1.x86_64.rpm
df407d1f16cc88952d1ca98aa40a272d 2007.1/x86_64/lib64openafs1-1.4.2-3.1mdv2007.1.x86_64.rpm
0295c0f5e7abca166dc6cdf264eb4f89 2007.1/x86_64/lib64openafs1-devel-1.4.2-3.1mdv2007.1.x86_64.rpm
9a6da83f844d159f33a60eb77365d737 2007.1/x86_64/openafs-1.4.2-3.1mdv2007.1.x86_64.rpm
02c3be035c0fd82ee110cc22b5d8556f 2007.1/x86_64/openafs-client-1.4.2-3.1mdv2007.1.x86_64.rpm
f50541fbf4049a44bb3d18ec5e86f2c7 2007.1/x86_64/openafs-doc-1.4.2-3.1mdv2007.1.x86_64.rpm
fa5907f7c52987a3bae025ddfbb056a9 2007.1/x86_64/openafs-server-1.4.2-3.1mdv2007.1.x86_64.rpm
347d09eeb8161a41cde69cdeb0cd806e 2007.1/SRPMS/openafs-1.4.2-3.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
95e60cbbac6d339b98ce84f70b6b3b32 2008.0/i586/dkms-libafs-1.4.4-8.2mdv2008.0.i586.rpm
ed989de74390d86ae0e372c1bfbef739 2008.0/i586/libopenafs1-1.4.4-8.2mdv2008.0.i586.rpm
b6f4d164c16d1665cf89b40221177d4b 2008.0/i586/libopenafs1-devel-1.4.4-8.2mdv2008.0.i586.rpm
b7b01d26a73d53dafba59ecdba0f589e 2008.0/i586/openafs-1.4.4-8.2mdv2008.0.i586.rpm
67e23acb150545d2725cde43312e5c10 2008.0/i586/openafs-client-1.4.4-8.2mdv2008.0.i586.rpm
40603c470a595475d0a4e26343ac1a50 2008.0/i586/openafs-doc-1.4.4-8.2mdv2008.0.i586.rpm
c1512c6915d515588973ae8f4634f8f7 2008.0/i586/openafs-server-1.4.4-8.2mdv2008.0.i586.rpm
9844d673b334a84137fcf26d6f052190 2008.0/SRPMS/openafs-1.4.4-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
14f0314e4178ed4b328328051d666810 2008.0/x86_64/dkms-libafs-1.4.4-8.2mdv2008.0.x86_64.rpm
bd81cfc546181523331124824d37214d 2008.0/x86_64/lib64openafs1-1.4.4-8.2mdv2008.0.x86_64.rpm
95a655890d0302c239d6f171adce4044 2008.0/x86_64/lib64openafs1-devel-1.4.4-8.2mdv2008.0.x86_64.rpm
ed9312e42b2534ed062e03f4b90a75d6 2008.0/x86_64/openafs-1.4.4-8.2mdv2008.0.x86_64.rpm
dbb0957bc6dde30f4f32ae3b47182a2d 2008.0/x86_64/openafs-client-1.4.4-8.2mdv2008.0.x86_64.rpm
7aeb5a0b3cfa42dc299c36847d385a87 2008.0/x86_64/openafs-doc-1.4.4-8.2mdv2008.0.x86_64.rpm
e978a2ac93085f038cfce9c2392700b8 2008.0/x86_64/openafs-server-1.4.4-8.2mdv2008.0.x86_64.rpm
9844d673b334a84137fcf26d6f052190 2008.0/SRPMS/openafs-1.4.4-8.2mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFI4RTxmqjQ0CJFipgRAnOJAJ9BRllXkQYwi6d3c1K5MkSj7bmLrQCdHQ9a
GJXshVIV3rsb4dMvp1DM6Aw=
=9/0Q
-----END PGP SIGNATURE-----