Security Information / 2013 / Security Information -- DSA-2729-1 openafs

Debian Security Advisory

DSA-2729-1 openafs -- several vulnerabilities

Date Reported:

28 Jul 2013

Affected Packages:

openafs

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-4134, CVE-2013-4135.

More information:

OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003

In addition the encrypt option to the vos tool was fixed.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.12.1+dfsg-4+squeeze2.

For the stable distribution (wheezy), these problems have been fixed in version 1.6.1-3+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1.6.5-1.

We recommend that you upgrade your openafs packages.