Mageia 8 Advisory: 2021-0509 Moderate OpenAFS Access Control Fix
mageia
November 11, 2021
Openafs packages have been updated to 1.9.1 for various bugfixes, and added a fix for security vulnerability: There exist in the wild AFS3 clients that improperly construct access...
Summary
Openafs packages have been updated to 1.9.1 for various bugfixes,
and added a fix for security vulnerability:
There exist in the wild AFS3 clients that improperly construct access
control lists which are then stored to directories via RXAFS_StoreACL
(opcode 134). These clients add negative access control entries (if any)
to the normal rights list. As there is no method by which a fileserver
can determine that the ACL is improperly constructed, the only method
to defend the storage of broken ACLs is to identify clients that are
known to properly construct ACLs by introducing a new RXAFS_StoreACL
opcode (164) (CVE-2018-7168).
Additionally the CellServDB has been updated to latest version and
fixes for suppoorting kernel 5.14 and 5.15 series have been added.
References
- https://bugs.mageia.org/show_bug.cgi?id=29639
- https://www.cve.org/CVERecord?id=CVE-2018-7168
Topics Covered
Resolution
SRPMS
- 8/core/openafs-1.9.1-1.mga8
PREVIOUS
NEXT
Publication date: 11 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0509.html
Type: security
CVE: CVE-2018-7168
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!