The OpenAFS Guardians are happy to announce the availability of Security Releases OpenAFS 1.8.5 and 1.6.24. Source files can be accessed via the web at:
https://www.openafs.org/release/openafs-1.8.5.html
https://www.openafs.org/release/openafs-1.6.24.html
or via AFS at:
UNIX: /afs/grand.central.org/software/openafs/1.8.5/
UNC: \\afs\grand.central.org\software\openafs\1.8.5\
UNIX: /afs/grand.central.org/software/openafs/1.6.24/
UNC: \\afs\grand.central.org\software\openafs\1.6.24\
These releases include fixes for three security advisories:
http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt
http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
OPENAFS-SA-2019-001 and OPENAFS-SA-2019-002 are for information disclosure
over the network via uninitialized RPC output variables; they differ in that
-001 affects RPCs that failed, whereas -002 can occur even for successful
returns.
OPENAFS-SA-2019-003 is a denial of service condition whereby anonymous
attackers can cause pthreaded database servers to segmentation fault (NULL
dereference).
Please see the release notes and security advisories for additional details.
Bug reports should be filed to openafs-b...@openafs.org.
Benjamin Kaduk
for the OpenAFS Guardians
signature.asc
Description: PGP signature
