rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
{ "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libafsauthent1", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libafsauthent1-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libafsrpc1", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libafsrpc1-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libkopenafs1", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libkopenafs1-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libopenafs-dev", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libopenafs-dev-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libpam-openafs-kaserver", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "libpam-openafs-kaserver-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-client", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-client-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-dbg", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-dbserver", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-dbserver-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-doc", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-fileserver", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-fileserver-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-fuse", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-fuse-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-kpasswd", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-kpasswd-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-krb5", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-krb5-dbgsym", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-modules-dkms", "binary_version": "1.6.7-1ubuntu1.1" }, { "binary_name": "openafs-modules-source", "binary_version": "1.6.7-1ubuntu1.1" } ], "availability": "No subscription required" }
{ "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libafsauthent1", "binary_version": "1.6.15-1" }, { "binary_name": "libafsauthent1-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "libafsrpc1", "binary_version": "1.6.15-1" }, { "binary_name": "libafsrpc1-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "libkopenafs1", "binary_version": "1.6.15-1" }, { "binary_name": "libkopenafs1-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "libopenafs-dev", "binary_version": "1.6.15-1" }, { "binary_name": "libopenafs-dev-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "libpam-openafs-kaserver", "binary_version": "1.6.15-1" }, { "binary_name": "libpam-openafs-kaserver-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-client", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-client-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-dbg", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-dbserver", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-dbserver-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-doc", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-fileserver", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-fileserver-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-fuse", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-fuse-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-kpasswd", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-kpasswd-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-krb5", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-krb5-dbgsym", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-modules-dkms", "binary_version": "1.6.15-1" }, { "binary_name": "openafs-modules-source", "binary_version": "1.6.15-1" } ], "availability": "No subscription required" }