Bug 536272 (CVE-2014-4044) - <net-fs/openafs-1.6.11: DoS vulnerability (CVE-2014-4044)
Summary: <net-fs/openafs-1.6.11: DoS vulnerability (CVE-2014-4044)
Status: RESOLVED FIXED
Alias: CVE-2014-4044
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 544158
Reported: 2015-01-11 00:59 UTC by GLSAMaker/CVETool Bot
Modified: 2015-05-11 16:27 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 00:59:40 UTC
CVE-2014-4044 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4044):
  OpenAFS 1.6.8 does not properly clear the fields in the host structure,
  which allows remote attackers to cause a denial of service (uninitialized
  memory access and crash) via unspecified vectors related to TMAY requests.
Comment 1 Adam Feldman gentoo-dev 2015-01-24 02:10:56 UTC
Upstream patch: http://openafs.org/pages/security/openafs-sa-2013-004.patch

We currently don't have a 1.6.8 in the tree, but when I get some time, I'll see if I can test it for patch-application and compilation.
Comment 2 Andrew Savchenko gentoo-dev 2015-03-22 21:51:15 UTC
Fixed version 1.6.11 is in tree. Old unstable versions are removed.
Comment 3 Andrew Savchenko gentoo-dev 2015-03-22 22:01:40 UTC
Arch teams, please stabilize =net-fs/openafs-1.6.11.
Comment 4 Agostino Sarubbo gentoo-dev 2015-03-24 08:51:48 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-03-24 08:52:45 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-03-24 08:58:17 UTC
sparc stable.

Maintainer(s), please clean up.
Security, please vote.
Comment 7 Andrew Savchenko gentoo-dev 2015-03-25 02:41:19 UTC
All vulnerable versions are removed from tree.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2015-04-22 20:41:21 UTC
Arches and Maintainer(s), thank you for your work.

GLSA Vote: No
Comment 9 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 16:27:18 UTC
GLSA Vote: No