[OpenAFS] OpenAFS security release 1.6.22 available

Benjamin Kaduk openafs-info@openafs.org
Tue, 5 Dec 2017 09:40:24 -0600


--7ZAtKRhVyVSsbBD2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


The OpenAFS Security Team is pleased to announce the availability of
OpenAFS version 1.6.22 for UNIX/Linux.  Source files can be accessed via
the web at:

  https://www.openafs.org/dl/openafs/1.6.22/

or via AFS at:

   /afs/grand.central.org/software/openafs/1.6.22/
  \\afs\grand.central.org\software\openafs\1.6.22\

There are no binaries yet. Those will be uploaded as they become
available.

OpenAFS 1.6.22 is the next in the current series of stable releases of
OpenAFS for all platforms except Microsoft Windows.

This release fixes the vulnerability tracked as OPENAFS-SA-2017-001.

OPENAFS-SA-2017-001: Rx denial of service (assertion failure) due
to insufficient validation of received transport parameters

For more details please see

  https://dl.openafs.org/dl/1.6.22/RELNOTES-1.6.22

  https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt

Bug reports should be filed to openafs-bugs@openafs.org.

ACKNOWLEDGEMENTS

OPENAFS-SA-2017-001 was reported by the team at AuriStor, Inc.

Benjamin Kaduk
OpenAFS Security Officer

--7ZAtKRhVyVSsbBD2
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQG3BAABCgAdFiEE2WGV4E2ARf9BYP0XKNmm82TrdRIFAlomveMACgkQKNmm82Tr
dRLbTQwePEpxKVLPzDRQJg1CoJp7zvBorthHQgFlNnOv+lcn+8nXkycAXgmtWt19
24cq0oPHvW6t9GQZh3XlccXnAB/5XGtxrYn70rOH6FXVRf0pq/bBJIW7CwOEiQ/6
Bb8Gmkm8e2PLN3EnBBznRqjRmPH6MDH031mkB8uKySBdPNp/bFf0ZfOS/e8jqtxZ
LHXtFCd8bqBLRRIWVCbLiLEL0M0Fqj7g6nPhUuJuzCBTkhVeOTdGQbKfJA4UwKKJ
yLFi80HaiLu7uOWdU44hFKn2W3efBJPw/xPmC647iwws5Pee7CW1OutQdnikhGUL
8ua8wFJmq6UXkeq8yXo8+108b2/T/hOcrRsYmp5K5lfP1R6kjaaKyAZbzOSBadv8
SIW3INBtRSKsJfr6D1lrF7yGm0wKEE16MkFK5ddCmSMYM4if82xMufhXBkSQFRge
q9aGR07f0WxYUd7ttWsu9OtCRajUM9V6LpjUNXCBUZ4/Me/N2XXnmkfYSGiWZI3H
VSZml26uk6i8SQ==
=hXXL
-----END PGP SIGNATURE-----

--7ZAtKRhVyVSsbBD2--