Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for CVE-2014-0159

Bug #1305549 reported by Anders Kaseorg
This bug affects 1 person
Affects: openafs (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Please sync openafs 1.6.7-1 (universe) from Debian unstable (main)

This is an upstream security microrelease, consisting of exactly five
upstream commits on top of 1.6.6:

$ git log --oneline --shortstat openafs-stable-1_6_6..openafs-stable-1_6_7
94ffd11 Make OpenAFS 1.6.7
 5 files changed, 6 insertions(+), 6 deletions(-)
ba73b9a Update NEWS for 1.6.7
 1 file changed, 8 insertions(+)
cde1526 viced: fix get-statistics64 buffer overflow
 1 file changed, 5 insertions(+)
19c4d60 rx: Avoid rxi_Delay on RXS_CheckResponse failure
 1 file changed, 4 insertions(+), 5 deletions(-)
32688c0 rx: Split out rxi_SendConnectionAbortLater
 1 file changed, 26 insertions(+), 7 deletions(-)

(All other pending upstream work has been delayed to 1.6.8.) There
are no extra Debian changes.

Changelog entries since current trusty version 1.6.6-1:

openafs (1.6.7-1) unstable; urgency=high

  * New upstream security release.
    - OPENAFS-SA-2014-001: Fix potential buffer overflow in the
      fileserver. (CVE-2014-0159)
    - Fix a potential DoS attack against Rx servers by avoiding suspending
      the listener thread when delaying connection abort messages.

 -- Russ Allbery <email address hidden> Wed, 09 Apr 2014 10:33:38 -0700

Anders Kaseorg (andersk)
information type: Public → Public Security
Anders Kaseorg (andersk)
summary: - Sync openafs 1.6.7-1 (universe) from Debian unstable (main)
+ Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for
+ CVE-2014-0159
Dmitry Shachnev (mitya57) wrote :

This bug was fixed in the package openafs - 1.6.7-1
Sponsored for Anders Kaseorg (anders-kaseorg)

---------------
openafs (1.6.7-1) unstable; urgency=high

  * New upstream security release.
    - OPENAFS-SA-2014-001: Fix potential buffer overflow in the
      fileserver. (CVE-2014-0159)
    - Fix a potential DoS attack against Rx servers by avoiding suspending
      the listener thread when delaying connection abort messages.

 -- Russ Allbery <email address hidden> Wed, 09 Apr 2014 10:33:38 -0700

Changed in openafs (Ubuntu):
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
