[OpenAFS-announce] OpenAFS security release 1.6.15 available

Jeffrey Altman openafs-info@openafs.org
Wed, 28 Oct 2015 15:52:27 -0400



The OpenAFS Security Team is pleased to announce the availability of
OpenAFS version 1.6.15 for UNIX/Linux. Source files can be accessed via
the web at:

  http://www.openafs.org/dl/openafs/1.6.15/

or via AFS at:

   /afs/grand.central.org/software/openafs/1.6.15/
  \\afs\grand.central.org\software\openafs\1.6.15\

There are no binaries yet. Those will be uploaded as they become
available.

OpenAFS 1.6.15 is the next in the current series of stable releases of
OpenAFS for all platforms except Microsoft Windows.

This release fixes the high impact security vulnerability named
"Tattletale" and tracked as OPENAFS-SA-2015-007 and CVE-2015-7762 and
CVE-2015-7763.

The packet payload of Rx ACK packets is not fully initialized, leaking
plaintext from packets previously processed.

For more details please see

  http://dl.openafs.org/dl/1.6.15/RELNOTES-1.6.15

  http://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt

Bug reports should be filed to openafs-bugs@openafs.org.

ACKNOWLEDGEMENTS
================

Both issues were identified by John Stumpo.

The patches were developed by Simon Wilkinson, with assistance from
Jeffrey Altman and Benjamin Kaduk.

Jeffrey Altman
OpenAFS Gatekeeper
on behalf of the Security Team
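
A simplified model of the bug class named in the announcement (an ACK built in a recycled packet buffer whose payload is only partly written), added here as an illustration; it is not OpenAFS code or the actual patch. The buffer sizes, layout, function names and sample plaintext are constructed, and zeroing the tail is assumed as one way to initialize it.

```c
#include <stdio.h>
#include <string.h>

#define PKT_SIZE 64 /* constructed sizes, not the Rx wire format */
#define HDR_SIZE 8

/* One recycled buffer, standing in for a packet taken from a free list. */
static unsigned char pkt[PKT_SIZE];

/* Receive path: a data packet's plaintext payload lands in the buffer. */
static void process_data_packet(const char *plaintext) {
    memset(pkt, 0, PKT_SIZE);
    strncpy((char *)pkt + HDR_SIZE, plaintext, PKT_SIZE - HDR_SIZE - 1);
}

/* Build an ACK in the same buffer. Only HDR_SIZE + used bytes are written,
 * but send_len bytes go on the wire. With zero_tail == 0 the remainder is
 * whatever the previous packet left behind. */
static size_t build_ack(unsigned char *wire, size_t used, size_t send_len,
                        int zero_tail) {
    size_t written = HDR_SIZE + used;
    if (send_len > PKT_SIZE || written > send_len)
        return 0;
    memset(pkt, 0xAC, written); /* stand-in for header and ACK fields */
    if (zero_tail)
        memset(pkt + written, 0, send_len - written);
    memcpy(wire, pkt, send_len);
    return send_len;
}

/* Count nonzero bytes sent past the written region: residue of the
 * earlier packet. zero_tail selects the flawed (0) or fixed (1) builder. */
size_t stale_bytes_sent(int zero_tail) {
    unsigned char wire[PKT_SIZE];
    size_t i, n = 0, len;
    process_data_packet("user=alice;secret=hunter2"); /* constructed sample */
    len = build_ack(wire, 4, 40, zero_tail);
    for (i = HDR_SIZE + 4; i < len; i++)
        if (wire[i] != 0) n++;
    return n;
}

int main(void) {
    printf("stale bytes, tail not initialized: %zu\n", stale_bytes_sent(0));
    printf("stale bytes, tail zeroed:          %zu\n", stale_bytes_sent(1));
    return 0;
}
```

A regression test for this class of bug can fill the buffer pool with a known pattern before building a packet and then assert that no pattern bytes appear in what is sent.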





