MGASA-2014-0515

Source
https://advisories.mageia.org/MGASA-2014-0515.html
Import Source
https://advisories.mageia.org/MGASA-2014-0515.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2014-0515
Published
2014-12-09T20:12:41Z
Modified
2014-12-09T20:01:50Z
Summary
Updated openafs packages fix security vulnerabilities
Details

Updated openafs packages fix security vulnerabilities:

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument (CVE-2014-0159).

OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet (CVE-2014-2852).

OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests (CVE-2014-4044).

The OpenAFS package has been updated to version 1.6.10, fixing these issues and other bugs, as well as providing support for newer kernel versions.

Affected packages

Mageia:4 / openafs

Package

Name
openafs
Purl
pkg:rpm/mageia/openafs?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.6.10-1.1.mga4

Ecosystem specific

{
    "section": "core"
}