[OpenAFS-announce] OpenAFS security release 1.6.20 available
Benjamin Kaduk
openafs-info@openafs.org
Wed, 30 Nov 2016 19:12:36 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The OpenAFS Security Team is pleased to announce the availability of
OpenAFS version 1.6.20 for UNIX/Linux. Source files can be accessed via
the web at:
https://www.openafs.org/dl/openafs/1.6.20/
or via AFS at:
/afs/grand.central.org/software/openafs/1.6.20/
\\afs\grand.central.org\software\openafs\1.6.20\
There are no binaries yet. Those will be uploaded as they become
available.
OpenAFS 1.6.20 is the next in the current series of stable releases of
OpenAFS for all platforms except Microsoft Windows.
This release fixes the vulnerability tracked as OPENAFS-SA-2016-003.
OPENAFS-SA-2016-003: Directory information (file/directory names, etc.)
leakage over the network due to buffer reuse without zeroing
For more details please see
https://dl.openafs.org/dl/1.6.20/RELNOTES-1.6.20
https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
Bug reports should be filed to openafs-bugs@openafs.org.
ACKNOWLEDGEMENTS
OPENAFS-SA-2016-003 was reported by Mark Vitale
Benjamin Kaduk
OpenAFS Security Officer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQGgBAEBCgAGBQJYP3i7AAoJECjZpvNk63USd8wMHiY+7TFn6VYOYurdj6LqEMij
tZgGjDQNbcYqhhWr6/aEl9p7gMgZRhy9G/6NSM5P5kShVkj9S8P6GGArfTeMFOsu
vKaJl4Dvmcn55Uh+ENOcWt2E4aINTLwVNeSe2fvt4w7wQzxZ+jtHbVFdlm8tCSiz
aePx4H7pv0aYwDhnPO7yyN0ifUgbNUZCSUgN3lemJuX3lHavXI2lOZPJ9ze76o3d
EXm35rrgOWOMpLAr8VkZLwm3oxp5QUNSX1Tbq2XwOhTnpdf5uqYChsisU3bxxq+k
Hyl2BF907uzNTCe9kQaeGjtrmCIAsibZMv2VaH2oF8iKrd/ovJ5gt7Vx0HJJrNjx
RM2r/juVrdndD+iucTUGZtlhodVTP9Awe5vhlsyTxpIoqmAJdjK1vhW1jBgzEWA+
Be9gP5e25TkQXgFbS6WzIpgo3w3snjDtK8cxST3hOGSSuApyolk8kE1wGJF6V7fe
kT21NqHpOvJTwjnQQNBX2d17vdxl6rAN8bujlHC1yu1jr5M=
=FJn9
-----END PGP SIGNATURE-----