4 matches found
[SECURITY] [DLA 342-1] openafs security update
Package : openafs Version : 1.4.12.1+dfsg-4+squeeze4 CVE ID : CVE-2015-3282 CVE-2015-3283 CVE-2015-3285 CVE-2015-6587 CVE-2015-7762 CVE-2015-7763 Several vulnerabilities have been found and solved in the distributed file system OpenAFS: CVE-2015-3282 vos leaked stack data clear on the wire when...
CVE-2015-7762
OpenAFS contains a vulnerability CVE-2015-7762 where rx/rx.c does not properly initialize the padding of an Rx ACK packet, enabling potential plaintext disclosure via replay or network sniffing. Affected: OpenAFS prior to 1.6.15 and prior to 1.7.33. Impact: information disclosure of previously pr...
[SECURITY] [DSA 3387-1] openafs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3387-1 [email protected] https://www.debian.org/security/ Florian Weimer November 01, 2015 https://www.debian.org/security/faq -...
FreeBSD : openafs -- information disclosure (017a493f-7db6-11e5-a762-14dae9d210b8)
The OpenAFS development team reports : When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762. Additionally, OpenAFS...