[OpenAFS-announce] OpenAFS security release 1.6.15 available
Wed, 28 Oct 2015 15:52:27 -0400
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
Content-Type: text/plain; charset=utf-8
The OpenAFS Security Team is pleased to announce the availability of
OpenAFS version 1.6.15 for UNIX/Linux. Source files can be accessed via
the web at:
or via AFS at:
There are no binaries yet. Those will be uploaded as they become
OpenAFS 1.6.15 is the next in the current series of stable releases of
OpenAFS for all platforms except Microsoft Windows.
This release fixes the high impact security vulnerability named
"Tattletale" and tracked as OPENAFS-SA-2015-007 and CVE-2015-7762 and
The packet paylod of Rx ACK packets is not fully initialized, leaking
plaintext from packets previously processed.
For more details please see
Bug reports should be filed to firstname.lastname@example.org.
Both issues were identified by John Stumpo.
The patches were developed by Simon Wilkinson, with assistance from
Jeffrey Altman and Benjamin Kaduk.
on behalf of the Security Team
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
-----END PGP SIGNATURE-----