Stephan Wiesand wrote:
> Hi All,
>
> the OpenAFS folks issued two security advisories:
>
> http://www.openafs.org/pages/security/OPENAFS-SA-2009-001.txt
> http://www.openafs.org/pages/security/OPENAFS-SA-2009-002.txt
>
> Exploiting these issues is probably very difficult, but the impact
> especially of the first one could be really serious.
>
> The patches provided apply reasonably cleanly to our current build
> for SL5 (1.4.7-68.1, which is a minute update to the current one on SL4,
> 1.4.7-68), and from reading the source and the patches, it should be ok to
> just use them like this.
>
> I put up an SRPM with these patches here:
>
> http://www-zeuthen.desy.de/~wiesand/SL5/openafs.SLx-1.4.7-68.2.src.rpm
>
> I could not yet test the resulting RPMs, and won't be able to do so
> before tomorrow during the day (GMT+2), but wanted to provide this asap in
> case someone else can.
>
> Once tested, this should probably become a "critical" security update for
> SL4 and SL5.
>
> The patches do not apply to the 1.2.13 source (for SL3). It seems quite
> feasible to apply the required changes (I wouldn't even call it
> "backporting"), but that will take some time and testing the SL5 and
> SL4 builds is much higher on my priority list. As a stopgap measure, the
> 1.4.7-68.2 SRPM will build and should work on SL3 as well.
>
> Cheers,
> Stephan
>

It is now up in the testing area for SL4 and SL5.
I have installed and started it on a SL50 machine, but no other testing.
I will send out an e-mail to have people test it.

Troy
--
__________________________________________________
Troy Dawson  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________