From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1768-1                  [email protected]
http://www.debian.org/security/                           Florian Weimer
April 10, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openafs
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-1250 CVE-2009-1251

Two vulnerabilities were discovered in the client part of OpenAFS, a
distributed file system.

An attacker with control of a file server or the ability to forge RX
packets may be able to execute arbitrary code in kernel mode on an
OpenAFS client, due to a vulnerability in XDR array decoding.
(CVE-2009-1251)

An attacker with control of a file server or the ability to forge RX
packets may crash OpenAFS clients because of wrongly handled error
return codes in the kernel module. (CVE-2009-1250).

Note that in order to apply this security update, you must rebuild the
OpenAFS kernel module. Be sure to also upgrade openafs-modules-source,
build a new kernel module for your system following the instructions in
/usr/share/doc/openafs-client/README.modules.gz, and then either stop
and restart openafs-client or reboot the system to reload the kernel
module.

For the old stable distribution (etch), these problems have been fixed
in version 1.4.2-6etch2.

For the stable distribution (lenny), these problems have been fixed in
version 1.4.7.dfsg1-6+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 1.4.10+dfsg1-1.

We recommend that you upgrade your openafs packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
[continued in next message]