| Summary: | <net-fs/openafs-1.4.14: multiple vulnerabilities (CVE-2011-{0430,0431}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | andrej.filipcic, net-fs, proxy-maint, stefaan |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/43407 | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Paweł Hajdan, Jr. (RETIRED)
2011-02-19 09:30:22 UTC
It's not obvious whether 1.4.14 fixes all of those vulnerabilities. Secunia claims it does, but there are no recent security advisories on http://www.openafs.org/security . I will request masking and removal of older releases.

We can't remove 1.4.9 until 1.4.14 is stabilized.

I suggest stabilizing openafs 1.4.14. It is reported not to have the security vulnerability and it has been in unstable for more than a month with no problems reported.

openafs-1.4.14-r1 and openafs-kernel-1.4.14 are now stable.

(In reply to comment #5)
> openafs-1.4.14-r1 and openafs-kernel-1.4.14 are now stable

Great, thanks. GLSA request filed.

CVE-2011-0430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0430): Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors.

This issue was resolved and addressed in GLSA 201404-05 at http://security.gentoo.org/glsa/glsa-201404-05.xml by GLSA coordinator Mikle Kolyada (Zlogene).