[OpenAFS-announce] OpenAFS Security Releases 1.8.5, 1.6.24 available

Benjamin Kaduk openafs-info@openafs.org
Tue, 22 Oct 2019 16:35:23 -0700 

--uZ3hkaAS1mZxFaxD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


The OpenAFS Guardians are happy to announce the availability of
Security Releases OpenAFS 1.8.5 and 1.6.24.
Source files can be accessed via the web at:

       https://www.openafs.org/release/openafs-1.8.5.html
       https://www.openafs.org/release/openafs-1.6.24.html

or via AFS at:

       UNIX: /afs/grand.central.org/software/openafs/1.8.5/
       UNC: \\afs\grand.central.org\software\openafs\1.8.5\
       UNIX: /afs/grand.central.org/software/openafs/1.6.24/
       UNC: \\afs\grand.central.org\software\openafs\1.6.24\

These releases include fixes for three security advisories:
  http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
  http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt
  http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt

OPENAFS-SA-2019-001 and OPENAFS-SA-2019-002 are for information disclosure
over the network via uninitialized RPC output variables; they differ in that
-001 affects RPCs that failed, whereas -002 can occur even for successful
returns.

OPENAFS-SA-2019-003 is a denial of service condition whereby anonymous
attackers can cause pthreaded database servers to segmentation fault (NULL
dereference).

Please see the release notes and security advisories for additional details.

Bug reports should be filed to openafs-bugs@openafs.org.

Benjamin Kaduk
for the OpenAFS Guardians

--uZ3hkaAS1mZxFaxD
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQG3BAABCgAdFiEE2WGV4E2ARf9BYP0XKNmm82TrdRIFAl2vkjUACgkQKNmm82Tr
dRKD7wwgxMveEcGpo+6JWhWHAk8zQFtVgNxO8AM7jhnD9lnrzgNxN9sO7dzUco3Z
xAymT4uBgDMG+pw79NwysaVKjhksNeRtqvfigd0D7EfUs+zeGgcuy3KdFS/llYEE
RKUMd8+XXpfulwRkNM8ebp+vAsZGJYNyy0IZjbtUDlgZNckDvLBtHEPwo/L0ukyR
LcBobpjsN6CneW0xIVVcH1qQhebDwIE/cKOTUbKGawzahCOdmv4x8ZLFhMPYrJ7V
1/8Opn8/YJeEYEvAuQT4tFZo6wot+3XgniL94rJxzXA+EqqY8NRoM6Zv2n5JKAWa
56TL7I7iJY7DOMQQXduQWDF4L+H5ayUA6F/qexnlt5Xx2sTbtTeEES5SvP6VJQRv
dbY9laThydVO8jshsfQ5RjE3OS5/QN1RkCooM/e6hHZ+pau3+65GbnVbJT6BVAwK
N84v19TsciJ9+P5wybRi5TuQIJXsvtYGl4gbQ0h+b9gEXpzuzZmWHKUUAiMKraOu
0IkPRPXgDlvryg==
=OnIu
-----END PGP SIGNATURE-----

--uZ3hkaAS1mZxFaxD--