jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 06:50:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

NEWS: Update for 1.6.15

Browse Source 
Security vulnerability release.  Document OPENAFS-SA-2015-007.

Change-Id: Id36480024fbdac7d3478bec7f3026b2c05bc37f0
This commit is contained in:
Jeffrey Altman 2015-10-28 08:49:20 -04:00
parent 9191cdfc9b
commit d12f72f1af
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
NEWS
View File

@ -1,5 +1,20 @@
User-Visible OpenAFS Changes
OpenAFS 1.6.15 (Security Release)
All client and server platforms
* Fix for OPENAFS-SA-2015-007 "Tattletale"
When constructing an Rx acknowledgment (ACK) packet, Andrew-derived
Rx implementations do not initialize three octets of data that are
padding in the C language structure and were inadvertently included
in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in
versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0
through 1.7.32 include a variable-length padding at the end of the
ACK packet, in an attempt to detect the path MTU, but only four octets
of the additional padding are initialized (CVE-2015-7763).
OpenAFS 1.6.14.1
Linux clients