| Summary: |
<net-fs/openafs-1.6.5: Traffic Encryption Information Disclosure Security Issue (CVE-2013-4135) |
| Product: |
Gentoo Security
|
Reporter: |
Agostino Sarubbo <ago> |
| Component: |
Vulnerabilities | Assignee: |
Gentoo Security <security> |
| Status: |
RESOLVED
FIXED
|
|
|
| Severity: |
minor
|
CC: |
andrej.filipcic, net-fs, proxy-maint
|
| Priority: |
Normal
|
|
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| URL: |
https://secunia.com/advisories/54184/
|
| Whiteboard: |
B4 [glsa] |
|
Package list:
|
|
Runtime testing required:
|
---
|
|---|
| Bug Depends on: |
478296, 478498
|
|
|
| Bug Blocks: |
|
|
|
From ${URL} : Description A security issue has been reported in OpenAFS, which can be exploited by malicious people to disclose certain sensitive information. The security issue is caused due to an unspecified error when handing the "-encrypt" option passed to the "vos" volume management command and can be exploited to disclose the communication contents via e.g. MitM (Man-in-the-Middle) attacks. The security issue is reported in versions prior to 1.6.5 and 1.4.15. Solution: Update to version 1.6.5 or 1.4.15. Provided and/or discovered by: Reported by the vendor. Original Advisory: http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.