This bug was fixed in the package openafs - 1.4.12+dfsg-3+ubuntu0.3
---------------
openafs (1.4.12+dfsg-3+ubuntu0.3) lucid-security; urgency=high

  * SECURITY UPDATE: Brute force DES attack permits compromise of AFS cell.
    vos -encrypt doesn't encrypt connection data.
    Buffer overflows which could cause a serverside denial of service.
    - Files changed:
      src/aklog/aklog_main.c
      src/aklog/klog.c
      src/auth/akimpersonate.c
      src/auth/akimpersonate.h
      src/auth/akimpersonate_v5gen.c
      src/auth/akimpersonate_v5gen.h
      src/auth/authcon.c
      src/auth/Makefile.in
      src/bozo/bosserver.c
      src/bozo/Makefile.in
      src/bucoord/Makefile.in
      src/budb/Makefile.in
      src/budb/server.c
      src/butc/Makefile.in
      src/cf/kerberos.m4
      src/config/Makefile.config.in
      src/fsprobe/Makefile.in
      src/kauth/Makefile.in
      src/libafsauthent/Makefile.in
      src/ptserver/Makefile.in
      src/ptserver/ptserver.c
      src/rxkad/Makefile.in
      src/rxkad/private_data.h
      src/rxkad/rxkad.p.h
      src/rxkad/rxkad_prototypes.h
      src/rxkad/rxkad_server.c
      src/rxkad/ticket5.c
      src/rxkad/ticket5_keytab.c
      src/scout/Makefile.in
      src/shlibafsauthent/Makefile.in
      src/shlibafsrpc/mapfile
      src/tbutc/Makefile.in
      src/tsm41/Makefile.in
      src/tviced/Makefile.in
      src/tvolser/Makefile.in
      src/update/Makefile.in
      src/update/server.c
      src/uss/Makefile.in
      src/util/dirpath.c
      src/util/dirpath.hin
      src/venus/Makefile.in
      src/viced/Makefile.in
      src/viced/viced.c
      src/vlserver/Makefile.in
      src/vlserver/vlserver.c
      src/volser/Makefile.in
      src/volser/volmain.c
    - Thanks to Chaskiel Grundman, Alexander Chernyakhovsky, and Ben Kaduk for
      the above fixes
    - OPENAFS-SA-2013-003
    - OPENAFS-SA-2013-004
    - CVE-2013-4134
    - CVE-2013-4135
    - LP: #1204195
 -- Luke Faraone <email address hidden>  Wed, 24 Jul 2013 18:07:21 -0400