
Security: Two problems in openafs
Name: Two problems in openafs
ID: MDVSA-2009:099-1
Distribution: Mandriva
Platforms: Mandriva 2008.0
Date: Tue, December 8, 2009, 19:45
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1251
Applications: OpenAFS

Original message

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:099-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openafs
Date : December 8, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in openafs:

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and
1.5.0 through 1.5.58 on Linux allows remote attackers to cause a
denial of service (system crash) via an RX response with a large
error-code value that is interpreted as a pointer and dereferenced,
related to use of the ERR_PTR macro (CVE-2009-1250).
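
The failure mode behind CVE-2009-1250, as an added example that is not part of the Mandriva advisory and not OpenAFS code: a user-space model of the Linux kernel's ERR_PTR/IS_ERR convention, in which only the top 4095 values of the address range are recognised as errors. The lookup function names and the clamp to EIO are assumptions made for illustration, not the actual patch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095L /* bound the Linux kernel's IS_ERR() uses */

/* User-space copies of the kernel helpers, same semantics. */
static void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static int IS_ERR(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical failing lookup. Flawed pattern: the error code from the
 * network reply is encoded into the pointer without a range check. */
static void *lookup_unchecked(int32_t wire_code)
{
    return ERR_PTR(-(long)wire_code);
}

/* Hardened pattern (assumed fix): anything outside 1..MAX_ERRNO is not
 * a local errno, so it collapses to EIO before being encoded. */
static void *lookup_checked(int32_t wire_code)
{
    long code = wire_code;
    if (code < 1 || code > MAX_ERRNO)
        code = EIO;
    return ERR_PTR(-code);
}

/* Caller's view: 1 = result passes for a valid pointer and would be
 * dereferenced, 0 = result is recognised as an error. */
static int caller_would_dereference(const void *result)
{
    return !IS_ERR(result);
}

int main(void)
{
    const int32_t samples[] = { 5, 4095, 4096, 0x7fffffff }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("code %ld: unchecked=%d checked=%d\n", (long)samples[i],
               caller_would_dereference(lookup_unchecked(samples[i])),
               caller_would_dereference(lookup_checked(samples[i])));
    return 0;
}
```
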

Heap-based buffer overflow in the cache manager in the client in
OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms
allows remote attackers to cause a denial of service (system crash)
or possibly execute arbitrary code via an RX response containing
more data than specified in a request, related to use of XDR arrays
(CVE-2009-1251).
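
The check whose absence CVE-2009-1251 describes, as an added example that is not part of the Mandriva advisory and not OpenAFS code: a decoder for an XDR variable-length array (4-byte big-endian count followed by 4-byte elements) that rejects a reply carrying more elements than the caller requested. The function names and the sample replies are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode an XDR variable-length array of 32-bit values into `out`,
 * which has room for `max_elems` entries (the number requested).
 * Returns the element count, or -1 if the reply is rejected. */
static long xdr_decode_u32_array(const unsigned char *buf, size_t len,
                                 uint32_t *out, uint32_t max_elems)
{
    if (len < 4)
        return -1;                      /* no count field */
    uint32_t count = be32(buf);
    if (count > max_elems)
        return -1;                      /* more data than requested */
    if ((len - 4) / 4 < count)
        return -1;                      /* count exceeds bytes received */
    for (uint32_t i = 0; i < count; i++)
        out[i] = be32(buf + 4 + 4 * (size_t)i);
    return (long)count;
}

/* Bytes a decoder that trusts the wire count would write to `out`. */
static size_t unchecked_write_size(const unsigned char *buf, size_t len)
{
    return len < 4 ? 0 : (size_t)be32(buf) * sizeof(uint32_t);
}

/* Constructed replies to a request for at most 2 elements. */
static const unsigned char REPLY_OK[] = { 0,0,0,2, 0,0,0,0x11, 0,0,0,0x22 };
static const unsigned char REPLY_OVERSIZED[] = {
    0,0,0,4, 0,0,0,1, 0,0,0,2, 0,0,0,3, 0,0,0,4 };
static uint32_t out_buf[2];

int main(void)
{
    long ok = xdr_decode_u32_array(REPLY_OK, sizeof REPLY_OK, out_buf, 2);
    long big = xdr_decode_u32_array(REPLY_OVERSIZED, sizeof REPLY_OVERSIZED,
                                    out_buf, 2);
    printf("ok=%ld oversized=%ld unchecked_write=%zu buffer=%zu\n", ok, big,
           unchecked_write_size(REPLY_OVERSIZED, sizeof REPLY_OVERSIZED),
           sizeof out_buf);
    return 0;
}
```
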

The updated packages have been patched to correct these issues.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1251
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
7b1982e29d59fa48973516226ef5ba38
2008.0/i586/dkms-libafs-1.4.4-8.3mdv2008.0.i586.rpm
302f3e4ef80a7a312d5a95f7a7bee7fb
2008.0/i586/libopenafs1-1.4.4-8.3mdv2008.0.i586.rpm
840e913861ed14fef8e5eccc7e65c13a
2008.0/i586/libopenafs1-devel-1.4.4-8.3mdv2008.0.i586.rpm
0fe92b704d5956205abf1a412c3084ce
2008.0/i586/openafs-1.4.4-8.3mdv2008.0.i586.rpm
eab2d124df726a795fdc0a926f96a097
2008.0/i586/openafs-client-1.4.4-8.3mdv2008.0.i586.rpm
651a5ea7af39e8089ce778dc91d8bbd6
2008.0/i586/openafs-doc-1.4.4-8.3mdv2008.0.i586.rpm
a0cab0f7b039f0769a90f1c731257659
2008.0/i586/openafs-server-1.4.4-8.3mdv2008.0.i586.rpm
32880b76d44f126c2d5c06366a47d48d
2008.0/SRPMS/openafs-1.4.4-8.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
2f62764a76389c4cd7af690fa6f3f570
2008.0/x86_64/dkms-libafs-1.4.4-8.3mdv2008.0.x86_64.rpm
8714e19c9e2af64f4c32187e96679c68
2008.0/x86_64/lib64openafs1-1.4.4-8.3mdv2008.0.x86_64.rpm
9140e1c3ef876fb9b445f818122c07ab
2008.0/x86_64/lib64openafs1-devel-1.4.4-8.3mdv2008.0.x86_64.rpm
c8b22c0e5b789f5a435237437e5e9aa5
2008.0/x86_64/openafs-1.4.4-8.3mdv2008.0.x86_64.rpm
dd5199fb52dba4dbe8793c9991997b69
2008.0/x86_64/openafs-client-1.4.4-8.3mdv2008.0.x86_64.rpm
3d4ba9a602631ecfd4b2fa866e11d3fe
2008.0/x86_64/openafs-doc-1.4.4-8.3mdv2008.0.x86_64.rpm
9fe0892bec50d481644be493c51ef971
2008.0/x86_64/openafs-server-1.4.4-8.3mdv2008.0.x86_64.rpm
32880b76d44f126c2d5c06366a47d48d
2008.0/SRPMS/openafs-1.4.4-8.3mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>