[OpenAFS] OpenAFS windows clients (Orpheus' Lyre)

Toby Blake toby@inf.ed.ac.uk
Fri, 21 Jul 2017 12:23:11 +0100


> On 15 Jul 2017, at 02:48, Jeffrey Altman <jaltman@auristor.com> wrote:
> 
> On 7/14/2017 5:45 AM, Toby Blake wrote:
[...]
>> We have been using the windows OpenAFS clients, as kindly provided by
>> Auristor/YFS.  My understanding is that this comes bundled with Heimdal
>> Kerberos.  Is this client vulnerable and requiring an update?
> 
> The Heimdal Kerberos bundled with the OpenAFS 1.7.3301 client as with
> all versions of Heimdal Kerberos prior to version 7.4 include the
> Orpheus' Lyre (CVE-2017-11103) bug.  The OpenAFS client does not require
> an update but Heimdal does.
> 
> Heimdal 7.4 installers for Windows are available from
> 
>  https://www.secure-endpoints.com/heimdal/#download
> 
> Heimdal Kerberos releases are produced by staff from AuriStor, Inc. and
> Two Sigma Investments.  Secure Endpoints, Inc. continues to package and
> distribute the Windows release.

Thanks for this information.  Before we advise our users accordingly...
are there any plans to update the Auristor OpenAFS client to include the
new Heimdal?

Cheers
Toby


-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.