
Security: Denial of Service in openafs
Name: Denial of Service in openafs
ID: DSA-1458-1
Distribution: Debian
Platforms: Debian sarge, Debian etch
Date: Thu, 10 January 2008, 22:02
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6599
http://www.securityfocus.com/bid/27132
Applications: OpenAFS

Original message

------------------------------------------------------------------------
Debian Security Advisory DSA-1458-1                  security@debian.org
http://www.debian.org/security/                           Noah Meyerhans
January 10, 2008                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : openafs
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-6599
BugTraq ID : 27132

A race condition in the OpenAFS fileserver allows remote attackers to
cause a denial of service (daemon crash) by simultaneously acquiring and
giving back file callbacks, which causes the handler for the
GiveUpAllCallBacks RPC to perform linked-list operations without the
host_glock lock.

For the stable distribution (etch), this problem has been fixed in
version 1.4.2-6etch1

For the old stable distribution (sarge), this problem has been fixed in
version 1.3.81-3sarge3

We recommend that you upgrade your openafs packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (oldstable)
----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k,
mips, mipsel, powerpc, s390 and sparc.


Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,
mipsel, powerpc, s390 and sparc.


These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
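
The race described in the advisory, modeled as an added C example (not OpenAFS code and not part of the advisory): a shared linked list of callbacks guarded by one global mutex. Only the name host_glock comes from the advisory; every other name is hypothetical. give_up_all_unlocked has the flawed shape, give_up_all_locked the corrected one, and stress_locked races an acquiring thread against a releasing thread to confirm that no list node is lost when the lock is held.

```c
/* Added illustration, not OpenAFS source; only host_glock is a name from the advisory. */
#include <pthread.h>
#include <stdlib.h>
#define ROUNDS 20000
struct cb { struct cb *next; int host; };  /* one callback promise */
static pthread_mutex_t host_glock = PTHREAD_MUTEX_INITIALIZER;
static struct cb *cb_head;                 /* shared list, guarded by host_glock */
/* Unlink and free every entry of `host`. Caller must hold host_glock. */
static long drop_all(int host) {
    long n = 0;
    for (struct cb **pp = &cb_head; *pp; ) {
        struct cb *c = *pp;
        if (c->host == host) { *pp = c->next; free(c); n++; }
        else pp = &c->next;
    }
    return n;
}
/* Acquire path: link one new callback in under the lock. */
void add_callback(int host) {
    struct cb *c = malloc(sizeof *c);
    if (!c) abort();
    c->host = host;
    pthread_mutex_lock(&host_glock);
    c->next = cb_head; cb_head = c;
    pthread_mutex_unlock(&host_glock);
}
long give_up_all_unlocked(int host) { return drop_all(host); } /* flawed: no lock held, never called */
/* Corrected shape: the same list surgery, serialised by host_glock. */
long give_up_all_locked(int host) {
    pthread_mutex_lock(&host_glock);
    long n = drop_all(host);
    pthread_mutex_unlock(&host_glock);
    return n;
}
static void *acquirer(void *p) {           /* client acquiring callbacks */
    for (int i = 0; i < ROUNDS; i++) add_callback(*(int *)p);
    return NULL;
}
static void *releaser(void *p) {           /* client giving them all back */
    for (int i = 0; i < ROUNDS; i++) *(long *)p += give_up_all_locked(1);
    return NULL;
}
long stress_locked(void) {                 /* returns nodes lost; 0 when none */
    pthread_t a, r; int host = 1; long dropped = 0;
    if (pthread_create(&a, NULL, acquirer, &host) ||
        pthread_create(&r, NULL, releaser, &dropped)) abort();
    pthread_join(a, NULL); pthread_join(r, NULL);
    return ROUNDS - dropped - give_up_all_locked(host);
}
```

Building with a thread sanitizer (for example -fsanitize=thread in GCC or Clang) and calling the unlocked variant from the releasing thread reports the unsynchronised access to the list head.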