SCIENTIFIC-LINUX-DEVEL Archives

April 2009

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From:
Stephan Wiesand <[log in to unmask]>
Reply To:
Stephan Wiesand <[log in to unmask]>
Date:
Tue, 7 Apr 2009 17:52:17 +0200
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (41 lines)
Hi All,

the OpenAFS folks issued two security advisories:

http://www.openafs.org/pages/security/OPENAFS-SA-2009-001.txt
http://www.openafs.org/pages/security/OPENAFS-SA-2009-002.txt

Exploiting these issues is probably very difficult, but the impact,
especially of the first one, could be really serious.

The patches provided apply reasonably cleanly to our current build
for SL5 (1.4.7-68.1, which is a minute update to the current one on SL4,
1.4.7-68), and from reading the source and the patches, it should be ok to 
just use them like this.

I put up an SRPM with these patches here:

http://www-zeuthen.desy.de/~wiesand/SL5/openafs.SLx-1.4.7-68.2.src.rpm

I could not test the resulting RPMs yet, and won't be able to do so
before tomorrow during the day (GMT+2), but wanted to provide this asap in
case someone else can.

Once tested, this should probably become a "critical" security update for 
SL4 and SL5.

The patches do not apply to the 1.2.13 source (for SL3). It seems quite 
feasible to apply the required changes (I wouldn't even call it 
"backporting"), but that will take some time and testing the SL5 and 
SL4 builds is much higher on my priority list. As a stopgap measure, the 
1.4.7-68.2 SRPM will build and should work on SL3 as well.

Cheers,
	Stephan

-- 
Stephan Wiesand
   DESY - DV -
   Platanenallee 6
   15738 Zeuthen, Germany