Package        : openafs
Version        : 1.4.12.1+dfsg-4+squeeze4
CVE ID         : CVE-2015-3282 CVE-2015-3283 CVE-2015-3285 CVE-2015-6587
                 CVE-2015-7762 CVE-2015-7763

Several vulnerabilities have been found and fixed in the distributed file
system OpenAFS:

CVE-2015-3282

    vos leaked stack data in the clear on the wire when updating vldb
    entries.

CVE-2015-3283

    OpenAFS allowed remote attackers to spoof bos commands via unspecified
    vectors.

CVE-2015-3285

    pioctl wrongly used the pointer related to the RPC, allowing local
    users to cause a denial of service (memory corruption and kernel
    panic) via a crafted OSD FS command.

CVE-2015-6587

    vlserver allowed remote authenticated users to cause a denial of
    service (out-of-bounds read and crash) via a crafted regular
    expression in a VL_ListAttributesN2 RPC.

CVE-2015-7762 and CVE-2015-7763 ("Tattletale")

    John Stumpo found that Rx ACK packets leaked plaintext of packets
    previously processed.

For Debian 6 "Squeeze", these problems have been fixed in openafs version
1.4.12.1+dfsg-4+squeeze4.

We recommend that you upgrade your OpenAFS packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/