Stephan Wiesand wrote:
> Hi All,
> 
> the OpenAFS folks issued two security advisories:
> 
> http://www.openafs.org/pages/security/OPENAFS-SA-2009-001.txt
> http://www.openafs.org/pages/security/OPENAFS-SA-2009-002.txt
> 
> Exploiting these issues is probably very difficult, but the impact 
> especially of the first one could be really serious.
> 
> The patches provided apply reasonably cleanly to our current build
> for SL5 (1.4.7-68.1, which is a minute update to the current one on SL4,
> 1.4.7-68), and from reading the source and the patches, it should be ok to 
> just use them like this.
> 
> I put up an SRPM with these patches here:
> 
> http://www-zeuthen.desy.de/~wiesand/SL5/openafs.SLx-1.4.7-68.2.src.rpm
> 
> I could not yet test the resulting RPMs, and won't be able to do so 
> before tomorrow during the day (GMT+2), but wanted to provide this asap in 
> case someone else can.
> 
> Once tested, this should probably become a "critical" security update for 
> SL4 and SL5.
> 
> The patches do not apply to the 1.2.13 source (for SL3). It seems quite 
> feasible to apply the required changes (I wouldn't even call it 
> "backporting"), but that will take some time and testing the SL5 and 
> SL4 builds is much higher on my priority list. As a stopgap measure, the 
> 1.4.7-68.2 SRPM will build and should work on SL3 as well.
> 
> Cheers,
>  	Stephan
> 

It is now up in the testing area for SL4 and SL5.  I have installed and 
started it on an SL50 machine, but no other testing.
I will send out an e-mail to have people test it.
Troy
-- 
__________________________________________________
Troy Dawson  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________