From ${URL} :

Description
A vulnerability has been reported in OpenAFS, which can be exploited by malicious people to cause a DoS (Denial of Service).

An error when handling the GetStatistics64 remote procedure call (RPC) can be exploited to cause a buffer overflow and subsequently cause a crash.

The vulnerability is reported in versions 1.4.8 through 1.6.6.

Solution:
Update to version 1.6.7 or apply patch.

Further details available to Secunia VIM customers

Provided and/or discovered by:
The vendor credits Michael Meffie.

Original Advisory:
http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
See also bug #500378
CVE-2014-0159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0159): Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
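As an added illustration of the failure mode the CVE entry describes (constructed for this page, not OpenAFS's own code): a reply buffer sized from the client-supplied statsVersion while the server fills a fixed number of entries, shown beside the hardened form that rejects unsupported versions before allocating. The function names, the STATS_CURRENT_VERSION constant and the counter values are assumptions.

```c
#include <stdlib.h>
#include <stdint.h>
#include <errno.h>

/* Assumed server-side constant: how many 64-bit counters this server can fill.
 * Constructed for the example; the real value and name are OpenAFS-internal. */
#define STATS_CURRENT_VERSION 8

typedef struct {
    uint32_t  len;   /* number of entries the client is told it received */
    uint64_t *val;   /* heap buffer holding the counters */
} stats64_reply;

/* Constructed stand-in for the server's real statistics. */
static uint64_t sample_counter(unsigned idx) { return 1000u + idx; }

/* Unsafe pattern: the client's version number decides the buffer size, but the
 * fill loop always writes STATS_CURRENT_VERSION entries. A request carrying a
 * smaller version makes the loop write past the end of the heap buffer. */
int get_statistics64_unchecked(uint32_t stats_version, stats64_reply *out)
{
    out->val = malloc((size_t)stats_version * sizeof(uint64_t));
    if (out->val == NULL)
        return ENOMEM;
    out->len = stats_version;
    for (unsigned i = 0; i < STATS_CURRENT_VERSION; i++)
        out->val[i] = sample_counter(i);   /* out of bounds when stats_version < 8 */
    return 0;
}

/* Hardened form: validate the version against what the server implements before
 * touching memory, so allocation size and fill loop can never disagree. */
int get_statistics64_checked(uint32_t stats_version, stats64_reply *out)
{
    out->len = 0;
    out->val = NULL;
    if (stats_version != STATS_CURRENT_VERSION)
        return EINVAL;                     /* unsupported version: refuse early */
    out->val = calloc(STATS_CURRENT_VERSION, sizeof(uint64_t));
    if (out->val == NULL)
        return ENOMEM;
    out->len = STATS_CURRENT_VERSION;
    for (unsigned i = 0; i < STATS_CURRENT_VERSION; i++)
        out->val[i] = sample_counter(i);
    return 0;
}
```

Only the checked handler should ever be called with an arbitrary version; the unchecked one is kept solely to show the mismatch between allocation and fill length.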
Upstream patch: http://openafs.org/pages/security/openafs-sa-2014-001.patch, tested compilation
Fixed version 1.6.11 is in tree. Old unstable versions are removed.
Arch teams, please stabilize =net-fs/openafs-1.6.11.
Stabilization done in bug 536272.
All vulnerable versions are removed from tree.
Vote: NO.
GLSA Vote: No