|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:099-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openafs
Date : December 8, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in openafs:
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and
1.5.0 through 1.5.58 on Linux allows remote attackers to cause a
denial of service (system crash) via an RX response with a large
error-code value that is interpreted as a pointer and dereferenced,
related to use of the ERR_PTR macro (CVE-2009-1250).
Heap-based buffer overflow in the cache manager in the client in
OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms
allows remote attackers to cause a denial of service (system crash)
or possibly execute arbitrary code via an RX response containing
more data than specified in a request, related to use of XDR arrays
(CVE-2009-1251).
The updated packages have been patched to correct these issues.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1251
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
7b1982e29d59fa48973516226ef5ba38 2008.0/i586/dkms-libafs-1.4.4-8.3mdv2008.0.i586.rpm
302f3e4ef80a7a312d5a95f7a7bee7fb 2008.0/i586/libopenafs1-1.4.4-8.3mdv2008.0.i586.rpm
840e913861ed14fef8e5eccc7e65c13a 2008.0/i586/libopenafs1-devel-1.4.4-8.3mdv2008.0.i586.rpm
0fe92b704d5956205abf1a412c3084ce 2008.0/i586/openafs-1.4.4-8.3mdv2008.0.i586.rpm
eab2d124df726a795fdc0a926f96a097 2008.0/i586/openafs-client-1.4.4-8.3mdv2008.0.i586.rpm
651a5ea7af39e8089ce778dc91d8bbd6 2008.0/i586/openafs-doc-1.4.4-8.3mdv2008.0.i586.rpm
a0cab0f7b039f0769a90f1c731257659 2008.0/i586/openafs-server-1.4.4-8.3mdv2008.0.i586.rpm
32880b76d44f126c2d5c06366a47d48d 2008.0/SRPMS/openafs-1.4.4-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
2f62764a76389c4cd7af690fa6f3f570 2008.0/x86_64/dkms-libafs-1.4.4-8.3mdv2008.0.x86_64.rpm
8714e19c9e2af64f4c32187e96679c68 2008.0/x86_64/lib64openafs1-1.4.4-8.3mdv2008.0.x86_64.rpm
9140e1c3ef876fb9b445f818122c07ab 2008.0/x86_64/lib64openafs1-devel-1.4.4-8.3mdv2008.0.x86_64.rpm
c8b22c0e5b789f5a435237437e5e9aa5 2008.0/x86_64/openafs-1.4.4-8.3mdv2008.0.x86_64.rpm
dd5199fb52dba4dbe8793c9991997b69 2008.0/x86_64/openafs-client-1.4.4-8.3mdv2008.0.x86_64.rpm
3d4ba9a602631ecfd4b2fa866e11d3fe 2008.0/x86_64/openafs-doc-1.4.4-8.3mdv2008.0.x86_64.rpm
9fe0892bec50d481644be493c51ef971 2008.0/x86_64/openafs-server-1.4.4-8.3mdv2008.0.x86_64.rpm
32880b76d44f126c2d5c06366a47d48d 2008.0/SRPMS/openafs-1.4.4-8.3mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team