The OpenAFS Guardians are happy to announce the availability of Security Releases OpenAFS 1.8.5 and 1.6.24. Source files can be accessed via the web at:
https://www.openafs.org/release/openafs-1.8.5.html https://www.openafs.org/release/openafs-1.6.24.html or via AFS at: UNIX: /afs/grand.central.org/software/openafs/1.8.5/ UNC: \\afs\grand.central.org\software\openafs\1.8.5\ UNIX: /afs/grand.central.org/software/openafs/1.6.24/ UNC: \\afs\grand.central.org\software\openafs\1.6.24\ These releases include fixes for three security advisories: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt OPENAFS-SA-2019-001 and OPENAFS-SA-2019-002 are for information disclosure over the network via uninitialized RPC output variables; they differ in that -001 affects RPCs that failed, whereas -002 can occur even for successful returns. OPENAFS-SA-2019-003 is a denial of service condition whereby anonymous attackers can cause pthreaded database servers to segmentation fault (NULL dereference). Please see the release notes and security advisories for additional details. Bug reports should be filed to openafs-b...@openafs.org. Benjamin Kaduk for the OpenAFS Guardians
signature.asc
Description: PGP signature