-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:207 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openafs Date : September 29, 2008 Affected: 2007.1, 2008.0 _______________________________________________________________________ Problem Description: A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks (CVE-2007-6559). The updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6559 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 5cfed2da74437280e139bd9a37b99a27 2007.1/i586/dkms-libafs-1.4.2-3.1mdv2007.1.i586.rpm ce10b8248835c3c2f204d3316bde628d 2007.1/i586/libopenafs1-1.4.2-3.1mdv2007.1.i586.rpm a2c32eaa669fa364bf57988bf37e2a0e 2007.1/i586/libopenafs1-devel-1.4.2-3.1mdv2007.1.i586.rpm d0f2303b30ab06ec269f2aa47344adb7 2007.1/i586/openafs-1.4.2-3.1mdv2007.1.i586.rpm 2db7adc9de4e14fc46242443d187c3c5 2007.1/i586/openafs-client-1.4.2-3.1mdv2007.1.i586.rpm 2c309a5d6e3dfb4b80a75020403738ec 2007.1/i586/openafs-doc-1.4.2-3.1mdv2007.1.i586.rpm 8ecb2c606b6d14652faf0d622bdb7d47 2007.1/i586/openafs-server-1.4.2-3.1mdv2007.1.i586.rpm 347d09eeb8161a41cde69cdeb0cd806e 2007.1/SRPMS/openafs-1.4.2-3.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: bdb3839cfe0fc276aa7555eba6be98fb 2007.1/x86_64/dkms-libafs-1.4.2-3.1mdv2007.1.x86_64.rpm df407d1f16cc88952d1ca98aa40a272d 2007.1/x86_64/lib64openafs1-1.4.2-3.1mdv2007.1.x86_64.rpm 0295c0f5e7abca166dc6cdf264eb4f89 2007.1/x86_64/lib64openafs1-devel-1.4.2-3.1mdv2007.1.x86_64.rpm 9a6da83f844d159f33a60eb77365d737 2007.1/x86_64/openafs-1.4.2-3.1mdv2007.1.x86_64.rpm 02c3be035c0fd82ee110cc22b5d8556f 2007.1/x86_64/openafs-client-1.4.2-3.1mdv2007.1.x86_64.rpm f50541fbf4049a44bb3d18ec5e86f2c7 2007.1/x86_64/openafs-doc-1.4.2-3.1mdv2007.1.x86_64.rpm fa5907f7c52987a3bae025ddfbb056a9 2007.1/x86_64/openafs-server-1.4.2-3.1mdv2007.1.x86_64.rpm 347d09eeb8161a41cde69cdeb0cd806e 2007.1/SRPMS/openafs-1.4.2-3.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 95e60cbbac6d339b98ce84f70b6b3b32 2008.0/i586/dkms-libafs-1.4.4-8.2mdv2008.0.i586.rpm ed989de74390d86ae0e372c1bfbef739 2008.0/i586/libopenafs1-1.4.4-8.2mdv2008.0.i586.rpm b6f4d164c16d1665cf89b40221177d4b 2008.0/i586/libopenafs1-devel-1.4.4-8.2mdv2008.0.i586.rpm b7b01d26a73d53dafba59ecdba0f589e 2008.0/i586/openafs-1.4.4-8.2mdv2008.0.i586.rpm 67e23acb150545d2725cde43312e5c10 2008.0/i586/openafs-client-1.4.4-8.2mdv2008.0.i586.rpm 40603c470a595475d0a4e26343ac1a50 2008.0/i586/openafs-doc-1.4.4-8.2mdv2008.0.i586.rpm c1512c6915d515588973ae8f4634f8f7 2008.0/i586/openafs-server-1.4.4-8.2mdv2008.0.i586.rpm 9844d673b334a84137fcf26d6f052190 2008.0/SRPMS/openafs-1.4.4-8.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 14f0314e4178ed4b328328051d666810 2008.0/x86_64/dkms-libafs-1.4.4-8.2mdv2008.0.x86_64.rpm bd81cfc546181523331124824d37214d 2008.0/x86_64/lib64openafs1-1.4.4-8.2mdv2008.0.x86_64.rpm 95a655890d0302c239d6f171adce4044 2008.0/x86_64/lib64openafs1-devel-1.4.4-8.2mdv2008.0.x86_64.rpm ed9312e42b2534ed062e03f4b90a75d6 2008.0/x86_64/openafs-1.4.4-8.2mdv2008.0.x86_64.rpm dbb0957bc6dde30f4f32ae3b47182a2d 2008.0/x86_64/openafs-client-1.4.4-8.2mdv2008.0.x86_64.rpm 7aeb5a0b3cfa42dc299c36847d385a87 2008.0/x86_64/openafs-doc-1.4.4-8.2mdv2008.0.x86_64.rpm e978a2ac93085f038cfce9c2392700b8 2008.0/x86_64/openafs-server-1.4.4-8.2mdv2008.0.x86_64.rpm 9844d673b334a84137fcf26d6f052190 2008.0/SRPMS/openafs-1.4.4-8.2mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFI4RTxmqjQ0CJFipgRAnOJAJ9BRllXkQYwi6d3c1K5MkSj7bmLrQCdHQ9a GJXshVIV3rsb4dMvp1DM6Aw= =9/0Q -----END PGP SIGNATURE-----