MGASA-2015-0424
- Source
- https://advisories.mageia.org/MGASA-2015-0424.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0424.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2015-0424
- Related
- Published
- 2015-11-02T20:21:29Z
- Modified
- 2015-11-02T20:13:42Z
- Summary
- Updated openafs packages fix security vulnerabilities
- Details
-
Updated openafs packages fix security vulnerabilities:
When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762).
Additionally, OpenAFS Rx before version 1.6.14 includes a variable-length padding at the end of the ACK packet, in an attempt to detect the path MTU, but only four octets of the additional padding are initialized (CVE-2015-7763).
- References
-
- https://advisories.mageia.org/MGASA-2015-0424.html
- https://bugs.mageia.org/show_bug.cgi?id=17050
- http://openafs.org/pages/security/OPENAFS-SA-2015-007.txt
- http://openafs.org/dl/openafs/1.6.14/RELNOTES-1.6.14
- http://openafs.org/dl/openafs/1.6.14.1/RELNOTES-1.6.14.1
- http://openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15
- https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / openafs
Package
- Name
- openafs
- Purl
- pkg:rpm/mageia/openafs?distro=mageia-5