Synopsis: Low: openafs security and bug fix update Issue date: 2011-04-20 CVE Names: CVE-2011-0430 CVE-2011-0431 Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors. (CVE-2011-0430) The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. (CVE-2011-0431) This update will also bring all the SL4 and SL5 openafs versions up to the same version. SL 4.x SRPMS: openafs-1.4.14-80.sl4.src.rpm i386: openafs-1.4.14-80.sl4.i686.rpm openafs-authlibs-1.4.14-80.sl4.i686.rpm openafs-authlibs-devel-1.4.14-80.sl4.i686.rpm openafs-client-1.4.14-80.sl4.i686.rpm openafs-compat-1.4.14-80.sl4.i686.rpm openafs-debug-1.4.14-80.sl4.i686.rpm openafs-devel-1.4.14-80.sl4.i686.rpm openafs-kernel-source-1.4.14-80.sl4.i686.rpm openafs-kpasswd-1.4.14-80.sl4.i686.rpm openafs-krb5-1.4.14-80.sl4.i686.rpm openafs-server-1.4.14-80.sl4.i686.rpm kernel-module-openafs-2.6.9-89.35.1.EL-1.4.14-80.sl4.i686.rpm kernel-module-openafs-2.6.9-89.35.1.ELhugemem-1.4.14-80.sl4.i686.rpm kernel-module-openafs-2.6.9-89.35.1.ELsmp-1.4.14-80.sl4.i686.rpm kernel-module-openafs-2.6.9-89.35.1.ELxenU-1.4.14-80.sl4.i686.rpm ... ... kernel modules for all released SL4 i386 kernels ... x86_64: openafs-1.4.14-80.sl4.x86_64.rpm openafs-authlibs-1.4.14-80.sl4.x86_64.rpm openafs-authlibs-devel-1.4.14-80.sl4.x86_64.rpm openafs-client-1.4.14-80.sl4.x86_64.rpm openafs-compat-1.4.14-80.sl4.x86_64.rpm openafs-debug-1.4.14-80.sl4.x86_64.rpm openafs-devel-1.4.14-80.sl4.x86_64.rpm openafs-kernel-source-1.4.14-80.sl4.x86_64.rpm openafs-kpasswd-1.4.14-80.sl4.x86_64.rpm openafs-krb5-1.4.14-80.sl4.x86_64.rpm openafs-server-1.4.14-80.sl4.x86_64.rpm kernel-module-openafs-2.6.9-89.35.1.EL-1.4.14-80.sl4.x86_64.rpm kernel-module-openafs-2.6.9-89.35.1.ELlargesmp-1.4.14-80.sl4.x86_64.rpm kernel-module-openafs-2.6.9-89.35.1.ELsmp-1.4.14-80.sl4.x86_64.rpm kernel-module-openafs-2.6.9-89.35.1.ELxenU-1.4.14-80.sl4.x86_64.rpm ... ... kernel modules for all released SL4 x86_64 kernels ... SL 5.x SRPMS: openafs-1.4.14-80.sl5.src.rpm i386: openafs-1.4.14-80.sl5.i686.rpm openafs-authlibs-1.4.14-80.sl5.i686.rpm openafs-authlibs-devel-1.4.14-80.sl5.i686.rpm openafs-client-1.4.14-80.sl5.i686.rpm openafs-compat-1.4.14-80.sl5.i686.rpm openafs-debug-1.4.14-80.sl5.i686.rpm openafs-devel-1.4.14-80.sl5.i686.rpm openafs-kernel-source-1.4.14-80.sl5.i686.rpm openafs-kpasswd-1.4.14-80.sl5.i686.rpm openafs-krb5-1.4.14-80.sl5.i686.rpm openafs-server-1.4.14-80.sl5.i686.rpm kernel-module-openafs-2.6.18-238.9.1.el5-1.4.14-80.sl5.i686.rpm kernel-module-openafs-2.6.18-238.9.1.el5PAE-1.4.14-80.sl5.i686.rpm kernel-module-openafs-2.6.18-238.9.1.el5xen-1.4.14-80.sl5.i686.rpm ... ... kernel modules for all released SL5 i386 kernels ... x86_64: openafs-1.4.14-80.sl5.x86_64.rpm openafs-authlibs-1.4.14-80.sl5.x86_64.rpm openafs-authlibs-devel-1.4.14-80.sl5.x86_64.rpm openafs-client-1.4.14-80.sl5.x86_64.rpm openafs-compat-1.4.14-80.sl5.x86_64.rpm openafs-debug-1.4.14-80.sl5.x86_64.rpm openafs-devel-1.4.14-80.sl5.x86_64.rpm openafs-kernel-source-1.4.14-80.sl5.x86_64.rpm openafs-kpasswd-1.4.14-80.sl5.x86_64.rpm openafs-krb5-1.4.14-80.sl5.x86_64.rpm openafs-server-1.4.14-80.sl5.x86_64.rpm kernel-module-openafs-2.6.18-238.9.1.el5-1.4.14-80.sl5.x86_64.rpm kernel-module-openafs-2.6.18-238.9.1.el5xen-1.4.14-80.sl5.x86_64.rpm ... ... kernel modules for all released SL5 x86_64 kernels ... - Scientific Linux Development Team