MGASA-2017-0037
- Source
- https://advisories.mageia.org/MGASA-2017-0037.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0037.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2017-0037
- Related
- Published
- 2017-02-02T19:17:14Z
- Modified
- 2017-02-02T19:08:25Z
- Summary
- Updated openafs packages fix security vulnerability
- Details
-
Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is physically visible on the fileserver vice partition, on the wire in FetchData replies and other RPCs, and on the client cache partition. This constitutes a leak of directory information (CVE-2016-9772).
The openafs package has been updated to version 1.6.20, to fix this issue and other bugs.
- References
-
- https://advisories.mageia.org/MGASA-2017-0037.html
- https://bugs.mageia.org/show_bug.cgi?id=19879
- https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
- http://openafs.org/dl/openafs/1.6.18.1/RELNOTES-1.6.18.1
- http://openafs.org/dl/openafs/1.6.18.2/RELNOTES-1.6.18.2
- http://openafs.org/dl/openafs/1.6.18.3/RELNOTES-1.6.18.3
- https://dl.openafs.org/dl/1.6.19/RELNOTES-1.6.19
- https://dl.openafs.org/dl/1.6.20/RELNOTES-1.6.20
- http://openwall.com/lists/oss-security/2016/12/02/9
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / openafs
Package
- Name
- openafs
- Purl
- pkg:rpm/mageia/openafs?distro=mageia-5