SCIENTIFIC-LINUX-ERRATA Archives

April 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Reply To: Pat Riehecky <[log in to unmask]>
Date: Wed, 9 Apr 2014 12:33:21 -0500
Content-Type: text/plain

Synopsis: Moderate: openafs security update
Issue date:        2014-04-11
CVE Numbers:       CVE-2014-0159
--

An attacker with the ability to connect to an OpenAFS fileserver can 
trigger a buffer overflow, crashing the server.

The GetStatistics64 remote procedure call (RPC) was introduced in 
OpenAFS 1.4.8 as part of the support for fileserver partitions larger 
than 2 TiB. The GetStatistics64 RPC is used by remote administrative 
programs to retrieve statistical information about fileservers. The 
GetStatistics64 RPC requests do not require authentication.

A bug has been discovered in the GetStatistics64 RPC which can trigger a 
fileserver crash. The version argument of the GetStatistics64 RPC is 
used to determine how much memory is allocated for the RPC reply. 
However, the range of this argument is not validated, allowing an 
attacker to cause insufficient memory to be allocated for the 
statistical information reply buffer.

Clients are not affected.
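The allocation pattern described above, as a constructed C model added here (not OpenAFS code; the version bounds, counter counts and function names are hypothetical): the unchecked path sizes the reply buffer straight from the caller's version argument, while the hardened path rejects out-of-range versions before anything is allocated.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for a versioned statistics reply; not OpenAFS's real
 * wire layout. Hypothetically, version N carries 4*N 64-bit counters. */
#define STATS_VERSION_MIN 1u
#define STATS_VERSION_MAX 2u
#define COUNTERS_PER_VERSION 4u

/* Bytes the server's writer emits. For an unrecognised version it falls back
 * to the full current layout, so output does not shrink for a bogus version. */
static size_t bytes_written_for(uint32_t version) {
    uint32_t v = (version >= STATS_VERSION_MIN && version <= STATS_VERSION_MAX)
                     ? version : STATS_VERSION_MAX;
    return (size_t)v * COUNTERS_PER_VERSION * sizeof(uint64_t);
}

/* Vulnerable pattern: allocation sized straight from the untrusted argument.
 * version == 0 yields a zero-byte buffer that the writer then overruns. */
static size_t bytes_allocated_unchecked(uint32_t version) {
    return (size_t)version * COUNTERS_PER_VERSION * sizeof(uint64_t);
}

/* Would the unchecked allocation hold what the writer emits? */
static bool reply_fits_unchecked(uint32_t version) {
    return bytes_allocated_unchecked(version) >= bytes_written_for(version);
}

/* Hardened pattern: validate the range before allocating; the caller turns
 * a NULL into an RPC error instead of touching the reply buffer. */
static uint64_t *alloc_reply_checked(uint32_t version, size_t *out_len) {
    if (version < STATS_VERSION_MIN || version > STATS_VERSION_MAX) {
        *out_len = 0;
        return NULL;
    }
    *out_len = bytes_allocated_unchecked(version);
    return calloc(1, *out_len);
}

/* Helper: does the hardened path accept this version and size the buffer
 * exactly to what the writer will emit? */
static bool checked_path_accepts(uint32_t version) {
    size_t len = 0;
    uint64_t *buf = alloc_reply_checked(version, &len);
    bool ok = buf != NULL && len == bytes_written_for(version);
    free(buf);
    return ok;
}
```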

--
SL 5.x

SRPMS:
     openafs.SLx-1.4.15-84.src.rpm

i386:
     kernel-module-openafs-2.6.18-348.21.1.el5-1.4.15-84.sl5.i686.rpm
     kernel-module-openafs-2.6.18-348.21.1.el5PAE-1.4.15-84.sl5.i686.rpm
     kernel-module-openafs-2.6.18-348.21.1.el5xen-1.4.15-84.sl5.i686.rpm
     openafs-1.4.15-84.sl5.i386.rpm
     openafs-authlibs-1.4.15-84.sl5.i386.rpm
     openafs-authlibs-devel-1.4.15-84.sl5.i386.rpm
     openafs-client-1.4.15-84.sl5.i386.rpm
     openafs-compat-1.4.15-84.sl5.i386.rpm
     openafs-debug-1.4.15-84.sl5.i386.rpm
     openafs-devel-1.4.15-84.sl5.i386.rpm
     openafs-kernel-source-1.4.15-84.sl5.i386.rpm
     openafs-kpasswd-1.4.15-84.sl5.i386.rpm
     openafs-krb5-1.4.15-84.sl5.i386.rpm
     openafs-server-1.4.15-84.sl5.i386.rpm

x86_64:
     kernel-module-openafs-2.6.18-348.21.1.el5-1.4.15-84.sl5.x86_64.rpm
     kernel-module-openafs-2.6.18-348.21.1.el5xen-1.4.15-84.sl5.x86_64.rpm
     openafs-1.4.15-84.sl5.x86_64.rpm
     openafs-authlibs-1.4.15-84.sl5.x86_64.rpm
     openafs-authlibs-devel-1.4.15-84.sl5.x86_64.rpm
     openafs-client-1.4.15-84.sl5.x86_64.rpm
     openafs-compat-1.4.15-84.sl5.x86_64.rpm
     openafs-debug-1.4.15-84.sl5.x86_64.rpm
     openafs-devel-1.4.15-84.sl5.x86_64.rpm
     openafs-kernel-source-1.4.15-84.sl5.x86_64.rpm
     openafs-kpasswd-1.4.15-84.sl5.x86_64.rpm
     openafs-krb5-1.4.15-84.sl5.x86_64.rpm
     openafs-server-1.4.15-84.sl5.x86_64.rpm

SL 6.x

SRPMS:
     openafs.SLx-1.6.5.1-148.src.rpm

i386:
     kmod-openafs-431-1.6.5.1-148.sl6.431.11.2.i686.rpm
     openafs-1.6.5.1-148.sl6.i686.rpm
     openafs-authlibs-1.6.5.1-148.sl6.i686.rpm
     openafs-authlibs-devel-1.6.5.1-148.sl6.i686.rpm
     openafs-client-1.6.5.1-148.sl6.i686.rpm
     openafs-compat-1.6.5.1-148.sl6.i686.rpm
     openafs-devel-1.6.5.1-148.sl6.i686.rpm
     openafs-kernel-source-1.6.5.1-148.sl6.i686.rpm
     openafs-kpasswd-1.6.5.1-148.sl6.i686.rpm
     openafs-krb5-1.6.5.1-148.sl6.i686.rpm
     openafs-module-tools-1.6.5.1-148.sl6.i686.rpm
     openafs-plumbing-tools-1.6.5.1-148.sl6.i686.rpm
     openafs-server-1.6.5.1-148.sl6.i686.rpm

x86_64:
     kmod-openafs-431-1.6.5.1-148.sl6.431.11.2.x86_64.rpm
     openafs-1.6.5.1-148.sl6.x86_64.rpm
     openafs-authlibs-1.6.5.1-148.sl6.x86_64.rpm
     openafs-authlibs-devel-1.6.5.1-148.sl6.x86_64.rpm
     openafs-client-1.6.5.1-148.sl6.x86_64.rpm
     openafs-compat-1.6.5.1-148.sl6.x86_64.rpm
     openafs-devel-1.6.5.1-148.sl6.x86_64.rpm
     openafs-kernel-source-1.6.5.1-148.sl6.x86_64.rpm
     openafs-kpasswd-1.6.5.1-148.sl6.x86_64.rpm
     openafs-krb5-1.6.5.1-148.sl6.x86_64.rpm
     openafs-module-tools-1.6.5.1-148.sl6.x86_64.rpm
     openafs-plumbing-tools-1.6.5.1-148.sl6.x86_64.rpm
     openafs-server-1.6.5.1-148.sl6.x86_64.rpm
