This bug was fixed in the package openafs - 1.6.7-1ubuntu1.1
---------------
openafs (1.6.7-1ubuntu1.1) trusty-security; urgency=low
* SECURITY UPDATES (LP: #1513461):
- CVE-2015-3282: Clear nvldbentry before sending on the wire
- CVE-2015-3283: Use crypt for commands where spoofing could be a risk
- CVE-2015-3284: Clear pioctl data interchange buffer before use
- CVE-2015-3285: Use correct output buffer for FSCmd pioctl
- CVE-2015-6587: Disable regex volume name processing in ListAttributesN2
- CVE-2015-7762: Apply OPENAFS-SA-2015-007 "Tattletale" patch
- CVE-2015-7763: Apply OPENAFS-SA-2015-007 "Tattletale" patch
- OPENAFS-SA-2015-007.patch: Rx ACK packets leak plaintext of previous
packets
-- Klas Mattsson <klas.matts...@su.se> Tue, 10 Nov 2015 08:03:52 +0100
** Changed in: openafs (Ubuntu Trusty)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3282
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3283
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3284
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3285
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1513461
Title:
OPENAFS-SA-2015-007 "Tattletale"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1513461/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
