[OpenAFS-announce] Notice of upcoming OpenAFS security release

Jeffrey Altman openafs-info@openafs.org
Mon, 26 Oct 2015 15:53:20 -0400


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Gx4BQCLvjGDLD37138gWapTNQuLq7u6WM
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

The OpenAFS security team has been alerted to a critical security flaw
impacting all implementations of Rx derived from the original Rx
implementation from the Andrew Project's AFS-3.  This flaw is not
limited to the AFS protocol or OpenAFS; other applications that use the
Rx RPC protocol are at risk if they use an Andrew-derived Rx implementati=
on.

The vulnerabilities will be tracked via CVE-2015-7762 and CVE-2015-7763.

We plan to release details of the vulnerability and patches at
approximately 3 p.m. EDT on Wednesday October 28th.  Binaries will
follow as available.

Jeffrey Altman
OpenAFS Gatekeeper





--Gx4BQCLvjGDLD37138gWapTNQuLq7u6WM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJWLoTUAAoJENxm1CNJffh40PYIAI7c0PUmOHecvGOGZyeg2E3h
S0HBNnrj/bjspsaFgfAZ/DTIqXj1GyB4SiURq2SylMJMlDTJ+lMUuX2GEgNmPfzd
sMzm7RN03Gf0RZqgZIEnsiNbm+Amf2gImvG7XPOiLmruOzdpO+yJwa+nXoymLVH8
n3M3F3pZ7FtNRwcX5xgz+TGmsAAphgtjrEKKabyz+R8mFEH/kQ7zYtthfJjONut7
1zLXNZ/JKp22OH5SJ4tcFWfGjbWaQHehNfjWU2zLuoDasMZVng8OVlYPiBVDDN96
f0WfxtiuvTxKxKNKUaNV2loelzkP1Kf18pBWfDdb7I/ATGfo1jwxCbKVmbAVtwg=
=Tfe5
-----END PGP SIGNATURE-----

--Gx4BQCLvjGDLD37138gWapTNQuLq7u6WM--