Scientific Linux Releases OpenAFS Moderate Security Update for Users

Moderate: openafs security and enhancement update
Date: Tue, 13 Dec 2016 16:02:09 +0000
Reply-To: Scott Reid 
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
Comments: To: scientific-linux-errata 
MIME-Version: 1.0
Message-ID: 

--_000_D475779F33B8Csvreidfnalgov_

The following FASTBUGS have been uploaded to




i386:
6x/i386/chrony-2.1.1-2.el6_8.i686.rpm

x86_64:
6x/x86_64/chrony-2.1.1-2.el6_8.x86_64.rpm

--_000_D475779F33B8Csvreidfnalgov_




The following FASTBUGS have been uploaded to




	
		i386:
		6x/i386/chrony-2.1.1-2.el6_8.i686.rpm
		

		
		x86_64:
		6x/x86_64/chrony-2.1.1-2.el6_8.x86_64.rpm
	
	

	
	
		
	


--_000_D475779F33B8Csvreidfnalgov_--
Date: Wed, 14 Dec 2016 17:38:25 +0000
Reply-To: Scott Reid 
	Sender: Security Errata for Scientific Linux
	
		From: Scott Reid 
			Subject: Security ERRATA Moderate: OpenAFS on SL5.x, SL6.x,
			SL7.x i386/x86_64
			Comments: To: scientific-linux-errata 
				MIME-Version: 1.0
				Message-ID: 

					--_000_D476DFB033EA1svreidfnalgov_

					Synopsis: Moderate: openafs security and enhancement update
					Advisory ID: OPENAFS-SA-2016-003
					Issue Date: 2016-12-14

					--

					Security Fix(es):

					There are three different kinds of "dead" residual directory entry
					leaks, each with a different cause:

					1. There may be partial name data after the null terminator in a live
					directory entry. This happens when a previously used directory entry
					becomes free, then is reused for a directory entry with a shorter name.

					2. "Dead" directory entries are left uncleared after an object is
					deleted or renamed.

					3. Residual directory entries may be inadvertently picked up when a new
					directory is created or an existing directory is extended by a 2kiB
					page.

					This happens because the fileserver shares a buffer pool for
					directories of all AFS users, but does not clear each buffer upon
					reuse. This is the most severe problem because the leaked information
					may be from other directories or volumes for which the AFS user is not
					authorized.

					SL5 packages feature a backported patch to the vulnerable code.

					Enhancement(s):

					* OpenAFS on SL6 and SL7 has been rebased to 1.6.20

					--
					SL5
					x86_64
					kernel-module-openafs-2.6.18-416.el5-1.4.15-90.sl5.x86_64.rpm
					kernel-module-openafs-2.6.18-416.el5xen-1.4.15-90.sl5.x86_64.rpm
					openafs-1.4.15-90.sl5.x86_64.rpm
					openafs-authlibs-1.4.15-90.sl5.x86_64.rpm
					openafs-authlibs-devel-1.4.15-90.sl5.x86_64.rpm
					openafs-client-1.4.15-90.sl5.x86_64.rpm
					openafs-compat-1.4.15-90.sl5.x86_64.rpm
					openafs-debug-1.4.15-90.sl5.x86_64.rpm
					openafs-devel-1.4.15-90.sl5.x86_64.rpm
					openafs-kernel-source-1.4.15-90.sl5.x86_64.rpm
					openafs-kpasswd-1.4.15-90.sl5.x86_64.rpm
					openafs-krb5-1.4.15-90.sl5.x86_64.rpm
					openafs-server-1.4.15-90.sl5.x86_64.rpm
					i386
					kernel-module-openafs-2.6.18-416.el5-1.4.15-90.sl5.i686.rpm
					kernel-module-openafs-2.6.18-416.el5PAE-1.4.15-90.sl5.i686.rpm
					kernel-module-openafs-2.6.18-416.el5xen-1.4.15-90.sl5.i686.rpm
					openafs-1.4.15-90.sl5.i386.rpm
					openafs-authlibs-1.4.15-90.sl5.i386.rpm
					openafs-authlibs-devel-1.4.15-90.sl5.i386.rpm
					openafs-client-1.4.15-90.sl5.i386.rpm
					openafs-compat-1.4.15-90.sl5.i386.rpm
					openafs-debug-1.4.15-90.sl5.i386.rpm
					openafs-devel-1.4.15-90.sl5.i386.rpm
					openafs-kernel-source-1.4.15-90.sl5.i386.rpm
					openafs-kpasswd-1.4.15-90.sl5.i386.rpm
					openafs-krb5-1.4.15-90.sl5.i386.rpm
					openafs-server-1.4.15-90.sl5.i386.rpm

					SL6
					x86_64
					kmod-openafs-642-1.6.20-256.sl6.642.6.2.x86_64.rpm
					openafs-1.6.20-256.sl6.x86_64.rpm
					openafs-authlibs-1.6.20-256.sl6.x86_64.rpm
					openafs-authlibs-devel-1.6.20-256.sl6.x86_64.rpm
					openafs-client-1.6.20-256.sl6.x86_64.rpm
					openafs-compat-1.6.20-256.sl6.x86_64.rpm
					openafs-devel-1.6.20-256.sl6.x86_64.rpm
					openafs-kernel-source-1.6.20-256.sl6.x86_64.rpm
					openafs-kpasswd-1.6.20-256.sl6.x86_64.rpm
					openafs-krb5-1.6.20-256.sl6.x86_64.rpm
					openafs-module-tools-1.6.20-256.sl6.x86_64.rpm
					openafs-plumbing-tools-1.6.20-256.sl6.x86_64.rpm
					openafs-server-1.6.20-256.sl6.x86_64.rpm
					i386
					kmod-openafs-642-1.6.20-256.sl6.642.6.2.i686.rpm
					openafs-1.6.20-256.sl6.i686.rpm
					openafs-authlibs-1.6.20-256.sl6.i686.rpm
					openafs-authlibs-devel-1.6.20-256.sl6.i686.rpm
					openafs-client-1.6.20-256.sl6.i686.rpm
					openafs-compat-1.6.20-256.sl6.i686.rpm
					openafs-devel-1.6.20-256.sl6.i686.rpm
					openafs-kernel-source-1.6.20-256.sl6.i686.rpm
					openafs-kpasswd-1.6.20-256.sl6.i686.rpm
					openafs-krb5-1.6.20-256.sl6.i686.rpm
					openafs-module-tools-1.6.20-256.sl6.i686.rpm
					openafs-plumbing-tools-1.6.20-256.sl6.i686.rpm
					openafs-server-1.6.20-256.sl6.i686.rpm

					SL7
					x86_64
					kmod-openafs-1.6-sl-514-1.6.20-256.7.514.x86_64.rpm
					openafs-1.6-sl-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-authlibs-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-authlibs-devel-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-client-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-compat-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-devel-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-kernel-source-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-kpasswd-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-krb5-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-module-tools-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-plumbing-tools-1.6.20-256.7.x86_64.rpm
					openafs-1.6-sl-server-1.6.20-256.7.x86_64.rpm

					- Scientific Linux Development Team

					--_000_D476DFB033EA1svreidfnalgov_

						

						
							Synopsis:          Moderate: openafs security and enhancement update
							Advisory ID:       OPENAFS-SA-2016-003
							Issue Date:        2016-12-14
							

							
							--
							

							
							Security Fix(es):
							

							
							There are three different kinds of "dead" residual directory entry
							leaks, each with a different cause:
								
								

								
								1. There may be partial name data after the null terminator in a live
								directory entry. This happens when a previously used directory entry
								becomes free, then is reused for a directory entry with a shorter name.
								

								
								2. "Dead" directory entries are left uncleared after an object is
								deleted or renamed.
								

								
								3. Residual directory entries may be inadvertently picked up when a new
								directory is created or an existing directory is extended by a 2kiB
								page.
								

								
								This happens because the fileserver shares a buffer pool for
								directories of all AFS users, but does not clear each buffer upon
								reuse. This is the most severe problem because the leaked information
								may be from other directories or volumes for which the AFS user is not
								authorized.
								

								
								SL5 packages feature a backported patch to the vulnerable code.
								

								
								Enhancement(s):
								

								
								* OpenAFS on SL6 and SL7 has been rebased to 1.6.20
								

								
								--
								SL5
								   x86_64
								     kernel-module-openafs-2.6.18-416.el5-1.4.15-90.sl5.x86_64.rpm
								     kernel-module-openafs-2.6.18-416.el5xen-1.4.15-90.sl5.x86_64.rpm
								     openafs-1.4.15-90.sl5.x86_64.rpm
								     openafs-authlibs-1.4.15-90.sl5.x86_64.rpm
								     openafs-authlibs-devel-1.4.15-90.sl5.x86_64.rpm
								     openafs-client-1.4.15-90.sl5.x86_64.rpm
								     openafs-compat-1.4.15-90.sl5.x86_64.rpm
								     openafs-debug-1.4.15-90.sl5.x86_64.rpm
								     openafs-devel-1.4.15-90.sl5.x86_64.rpm
								     openafs-kernel-source-1.4.15-90.sl5.x86_64.rpm
								     openafs-kpasswd-1.4.15-90.sl5.x86_64.rpm
								     openafs-krb5-1.4.15-90.sl5.x86_64.rpm
								     openafs-server-1.4.15-90.sl5.x86_64.rpm
								   i386
								     kernel-module-openafs-2.6.18-416.el5-1.4.15-90.sl5.i686.rpm
								     kernel-module-openafs-2.6.18-416.el5PAE-1.4.15-90.sl5.i686.rpm
								     kernel-module-openafs-2.6.18-416.el5xen-1.4.15-90.sl5.i686.rpm
								     openafs-1.4.15-90.sl5.i386.rpm
								     openafs-authlibs-1.4.15-90.sl5.i386.rpm
								     openafs-authlibs-devel-1.4.15-90.sl5.i386.rpm
								     openafs-client-1.4.15-90.sl5.i386.rpm
								     openafs-compat-1.4.15-90.sl5.i386.rpm
								     openafs-debug-1.4.15-90.sl5.i386.rpm
								     openafs-devel-1.4.15-90.sl5.i386.rpm
								     openafs-kernel-source-1.4.15-90.sl5.i386.rpm
								     openafs-kpasswd-1.4.15-90.sl5.i386.rpm
								     openafs-krb5-1.4.15-90.sl5.i386.rpm
								     openafs-server-1.4.15-90.sl5.i386.rpm
								

								
								SL6
								   x86_64
								     kmod-openafs-642-1.6.20-256.sl6.642.6.2.x86_64.rpm
								     openafs-1.6.20-256.sl6.x86_64.rpm
								     openafs-authlibs-1.6.20-256.sl6.x86_64.rpm
								     openafs-authlibs-devel-1.6.20-256.sl6.x86_64.rpm
								     openafs-client-1.6.20-256.sl6.x86_64.rpm
								     openafs-compat-1.6.20-256.sl6.x86_64.rpm
								     openafs-devel-1.6.20-256.sl6.x86_64.rpm
								     openafs-kernel-source-1.6.20-256.sl6.x86_64.rpm
								     openafs-kpasswd-1.6.20-256.sl6.x86_64.rpm
								     openafs-krb5-1.6.20-256.sl6.x86_64.rpm
								     openafs-module-tools-1.6.20-256.sl6.x86_64.rpm
								     openafs-plumbing-tools-1.6.20-256.sl6.x86_64.rpm
								     openafs-server-1.6.20-256.sl6.x86_64.rpm
								   i386
								     kmod-openafs-642-1.6.20-256.sl6.642.6.2.i686.rpm
								     openafs-1.6.20-256.sl6.i686.rpm
								     openafs-authlibs-1.6.20-256.sl6.i686.rpm
								     openafs-authlibs-devel-1.6.20-256.sl6.i686.rpm
								     openafs-client-1.6.20-256.sl6.i686.rpm
								     openafs-compat-1.6.20-256.sl6.i686.rpm
								     openafs-devel-1.6.20-256.sl6.i686.rpm
								     openafs-kernel-source-1.6.20-256.sl6.i686.rpm
								     openafs-kpasswd-1.6.20-256.sl6.i686.rpm
								     openafs-krb5-1.6.20-256.sl6.i686.rpm
								     openafs-module-tools-1.6.20-256.sl6.i686.rpm
								     openafs-plumbing-tools-1.6.20-256.sl6.i686.rpm
								     openafs-server-1.6.20-256.sl6.i686.rpm
								

								
								SL7
								   x86_64
								     kmod-openafs-1.6-sl-514-1.6.20-256.7.514.x86_64.rpm
								     openafs-1.6-sl-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-authlibs-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-authlibs-devel-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-client-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-compat-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-devel-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-kernel-source-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-kpasswd-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-krb5-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-module-tools-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-plumbing-tools-1.6.20-256.7.x86_64.rpm
								     openafs-1.6-sl-server-1.6.20-256.7.x86_64.rpm
								

								
								- Scientific Linux Development Team
									
								
								
									

									
									
										
									
								
							
						

					--_000_D476DFB033EA1svreidfnalgov_--
Scientific Linux: OPENAFS-SA-2016-003 Moderate: Directory Leak Fix

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Scientific Linux: OPENAFS-SA-2016-003 Moderate: Directory Leak Fix

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!
