Openafs has a security hole with enabled suid
Bug #94787 reported by
Stephan Wienczny
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openafs (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: openafs-client
Openafs has a privilege escalation security hole that permits an attacker to gain local root access.
A security adversory can be found upstream at http://
A new openafs-release fixes this.
CVE References
Changed in openafs: | |
status: | New → Confirmed |
To post a comment you must log in.
Thanks for the report. I've linked to the CVE for this. If someone can prepare debdiffs and test them, I can get them published.