Debian Security Advisory
DSA-2729-1 openafs -- several vulnerabilities
- Date Reported:
- 28 Jul 2013
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-4134, CVE-2013-4135.
- More information:
OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003
In addition the
encryptoption to the
vostool was fixed.
For the oldstable distribution (squeeze), these problems have been fixed in version 126.96.36.199+dfsg-4+squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 1.6.1-3+deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 1.6.5-1.
We recommend that you upgrade your openafs packages.