Bug 719136 (CVE-2019-18601, CVE-2019-18602, CVE-2019-18603) - net-fs/openafs: Multiple vulnerabilities (CVE-2019-{18601,18602,18603})
Summary: net-fs/openafs: Multiple vulnerabilities (CVE-2019-{18601,18602,18603})
Status: IN_PROGRESS
Alias: CVE-2019-18601, CVE-2019-18602, CVE-2019-18603
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-23 23:49 UTC by Sam James
Modified: 2020-05-22 07:19 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James gentoo-dev 2020-04-23 23:49:06 UTC
1) CVE-2019-18601

Description:
"OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler."

Advisory: https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt

2) CVE-2019-18602

Description:
"OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer."

Advisory: https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt

3) CVE-2019-18603

Description:
"OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer."

Advisory: https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
Comment 1 Sam James gentoo-dev 2020-04-23 23:49:32 UTC
@maintainer(s), please create an appropriate ebuild
Comment 2 Sam James gentoo-dev 2020-05-22 07:19:17 UTC
@maintainer(s), please bump this