Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for CVE-2014-0159
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openafs (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Please sync openafs 1.6.7-1 (universe) from Debian unstable (main)
This is an upstream security microrelease, consisting of exactly five
upstream commits on top of 1.6.6:
$ git log --oneline --shortstat openafs-
94ffd11 Make OpenAFS 1.6.7
5 files changed, 6 insertions(+), 6 deletions(-)
ba73b9a Update NEWS for 1.6.7
1 file changed, 8 insertions(+)
cde1526 viced: fix get-statistics64 buffer overflow
1 file changed, 5 insertions(+)
19c4d60 rx: Avoid rxi_Delay on RXS_CheckResponse failure
1 file changed, 4 insertions(+), 5 deletions(-)
32688c0 rx: Split out rxi_SendConnect
1 file changed, 26 insertions(+), 7 deletions(-)
(All other pending upstream work has been delayed to 1.6.8.) There
are no extra Debian changes.
Changelog entries since current trusty version 1.6.6-1:
openafs (1.6.7-1) unstable; urgency=high
* New upstream security release.
- OPENAFS-SA-2014-001: Fix potential buffer overflow in the
fileserver. (CVE-2014-0159)
- Fix a potential DoS attack against Rx servers by avoiding suspending
the listener thread when delaying connection abort messages.
-- Russ Allbery <email address hidden> Wed, 09 Apr 2014 10:33:38 -0700
CVE References
information type: | Public → Public Security |
summary: |
- Sync openafs 1.6.7-1 (universe) from Debian unstable (main)
+ Sync openafs 1.6.7-1 (universe) from Debian unstable (main) for CVE-2014-0159 |
This bug was fixed in the package openafs - 1.6.7-1
Sponsored for Anders Kaseorg (anders-kaseorg)
---------------
openafs (1.6.7-1) unstable; urgency=high
* New upstream security release.
- OPENAFS-SA-2014-001: Fix potential buffer overflow in the
fileserver. (CVE-2014-0159)
- Fix a potential DoS attack against Rx servers by avoiding suspending
the listener thread when delaying connection abort messages.
-- Russ Allbery <email address hidden> Wed, 09 Apr 2014 10:33:38 -0700