Debian alert DLA-1982-1 (openafs)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1982-1] openafs security update | |
| Date: | Wed, 6 Nov 2019 01:08:55 +0100 | |
| Message-ID: | <f7ffbdf4-5e2f-4e56-865f-7b7f9bc62301@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : openafs Version : 1.6.9-2+deb8u9 CVE ID : CVE-2019-18601 CVE-2019-18602 CVE-2019-18603 Debian Bug : 943587 Several security vulnerabilities were discovered in OpenAFS, a distributed file system. CVE-2019-18601 OpenAFS is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. CVE-2019-18602 OpenAFS is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. CVE-2019-18603 OpenAFS is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. For Debian 8 "Jessie", these problems have been fixed in version 1.6.9-2+deb8u9. We recommend that you upgrade your openafs packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3CDxdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSUUg/+MYSPighw/0EvL1S/VaJQlde/Epz0VSuebd8YxYKuvlxQ7m/dKfU2dtq5 AhJm0H2GRqOGCJr23CFv0g+fs8W9kYcgdZ26an2JZPV68oigSiIyMAh+W+/BYkgw /mHXe+9KfaRbUdMermaW7ag99JYkvdKmZSfM5/v5RVum3CNSWSd0dG/qKDa/cVOs RRTTCVtKjGhTHw46RK17z7Z7FCTPXeZu+tqvKb8K2MxhksNTHUe2+CdRmyvTj41Q QnTUkRDlyYkIfR5HX3JmbFTzZNKHOnt9jcMxsHJXT7Oq0R08Qjc7uY0IPS09Csjz K+UmYNwfwJRCSFJUV1UuptrZjT2YWkr7lPBwpxbuMsi4gNTZpnTn7WiAWl7Tfn2/ JXKbzA+PJDt2V+r9CWk+ACxbG1DTGChgrVRtJi/5NjczDHjJcmXd/DwBRgOObgls ZvbHvtqySyXuX5aMxDPk0LjTb+z/Zl/8vbmYuSWS7WAIgjiurH30N3qdjRjpeS+V pN45yioaeJqjz+6qodOiCP4pJv7OyXey/aJNAbDdOtwCzAqiV6KCkpAR7D64GUtY 6xThFrbB3AKAjZ3oQGp2czbiB9r0xIvdh6mOM+jh7rEOvwG9yW8Jvm2bzOAOwcPZ cjTfqJQQXQ+VanocEQof0rBwR/8vxX05D8AMn/sVbVfzTeW0ZOM= =sePJ -----END PGP SIGNATURE-----