lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1KkPqa-0002oT-Tw@titan.mandriva.com>
Date: Mon, 29 Sep 2008 15:00:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:207 ] openafs


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:207
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openafs
 Date    : September 29, 2008
 Affected: 2007.1, 2008.0
 _______________________________________________________________________

 Problem Description:

 A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote
 attackers to cause a denial of service (daemon crash) by simultaneously
 acquiring and giving back file callbacks (CVE-2007-6559).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6559
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 5cfed2da74437280e139bd9a37b99a27  2007.1/i586/dkms-libafs-1.4.2-3.1mdv2007.1.i586.rpm
 ce10b8248835c3c2f204d3316bde628d  2007.1/i586/libopenafs1-1.4.2-3.1mdv2007.1.i586.rpm
 a2c32eaa669fa364bf57988bf37e2a0e  2007.1/i586/libopenafs1-devel-1.4.2-3.1mdv2007.1.i586.rpm
 d0f2303b30ab06ec269f2aa47344adb7  2007.1/i586/openafs-1.4.2-3.1mdv2007.1.i586.rpm
 2db7adc9de4e14fc46242443d187c3c5  2007.1/i586/openafs-client-1.4.2-3.1mdv2007.1.i586.rpm
 2c309a5d6e3dfb4b80a75020403738ec  2007.1/i586/openafs-doc-1.4.2-3.1mdv2007.1.i586.rpm
 8ecb2c606b6d14652faf0d622bdb7d47  2007.1/i586/openafs-server-1.4.2-3.1mdv2007.1.i586.rpm 
 347d09eeb8161a41cde69cdeb0cd806e  2007.1/SRPMS/openafs-1.4.2-3.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 bdb3839cfe0fc276aa7555eba6be98fb  2007.1/x86_64/dkms-libafs-1.4.2-3.1mdv2007.1.x86_64.rpm
 df407d1f16cc88952d1ca98aa40a272d  2007.1/x86_64/lib64openafs1-1.4.2-3.1mdv2007.1.x86_64.rpm
 0295c0f5e7abca166dc6cdf264eb4f89  2007.1/x86_64/lib64openafs1-devel-1.4.2-3.1mdv2007.1.x86_64.rpm
 9a6da83f844d159f33a60eb77365d737  2007.1/x86_64/openafs-1.4.2-3.1mdv2007.1.x86_64.rpm
 02c3be035c0fd82ee110cc22b5d8556f  2007.1/x86_64/openafs-client-1.4.2-3.1mdv2007.1.x86_64.rpm
 f50541fbf4049a44bb3d18ec5e86f2c7  2007.1/x86_64/openafs-doc-1.4.2-3.1mdv2007.1.x86_64.rpm
 fa5907f7c52987a3bae025ddfbb056a9  2007.1/x86_64/openafs-server-1.4.2-3.1mdv2007.1.x86_64.rpm 
 347d09eeb8161a41cde69cdeb0cd806e  2007.1/SRPMS/openafs-1.4.2-3.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 95e60cbbac6d339b98ce84f70b6b3b32  2008.0/i586/dkms-libafs-1.4.4-8.2mdv2008.0.i586.rpm
 ed989de74390d86ae0e372c1bfbef739  2008.0/i586/libopenafs1-1.4.4-8.2mdv2008.0.i586.rpm
 b6f4d164c16d1665cf89b40221177d4b  2008.0/i586/libopenafs1-devel-1.4.4-8.2mdv2008.0.i586.rpm
 b7b01d26a73d53dafba59ecdba0f589e  2008.0/i586/openafs-1.4.4-8.2mdv2008.0.i586.rpm
 67e23acb150545d2725cde43312e5c10  2008.0/i586/openafs-client-1.4.4-8.2mdv2008.0.i586.rpm
 40603c470a595475d0a4e26343ac1a50  2008.0/i586/openafs-doc-1.4.4-8.2mdv2008.0.i586.rpm
 c1512c6915d515588973ae8f4634f8f7  2008.0/i586/openafs-server-1.4.4-8.2mdv2008.0.i586.rpm 
 9844d673b334a84137fcf26d6f052190  2008.0/SRPMS/openafs-1.4.4-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 14f0314e4178ed4b328328051d666810  2008.0/x86_64/dkms-libafs-1.4.4-8.2mdv2008.0.x86_64.rpm
 bd81cfc546181523331124824d37214d  2008.0/x86_64/lib64openafs1-1.4.4-8.2mdv2008.0.x86_64.rpm
 95a655890d0302c239d6f171adce4044  2008.0/x86_64/lib64openafs1-devel-1.4.4-8.2mdv2008.0.x86_64.rpm
 ed9312e42b2534ed062e03f4b90a75d6  2008.0/x86_64/openafs-1.4.4-8.2mdv2008.0.x86_64.rpm
 dbb0957bc6dde30f4f32ae3b47182a2d  2008.0/x86_64/openafs-client-1.4.4-8.2mdv2008.0.x86_64.rpm
 7aeb5a0b3cfa42dc299c36847d385a87  2008.0/x86_64/openafs-doc-1.4.4-8.2mdv2008.0.x86_64.rpm
 e978a2ac93085f038cfce9c2392700b8  2008.0/x86_64/openafs-server-1.4.4-8.2mdv2008.0.x86_64.rpm 
 9844d673b334a84137fcf26d6f052190  2008.0/SRPMS/openafs-1.4.4-8.2mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI4RTxmqjQ0CJFipgRAnOJAJ9BRllXkQYwi6d3c1K5MkSj7bmLrQCdHQ9a
GJXshVIV3rsb4dMvp1DM6Aw=
=9/0Q
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ