Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

Scientific Linux SL 40-45: Low Severity OpenAFS Security Advisory

Scientific Large Esm H446
Low: openafs security update
Date: Tue, 18 Mar 2008 14:36:50 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA for openafs on SL41-45 i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Low: openafs security update
Issue date:	21-Dec-2007
CVE Names:	OpenAFS Security Advisory 2007-003

In pthread-aware fileservers, the "host_glock" pthread lock, accessed
via the H_LOCK and H_UNLOCK macros, is used to provide safe access to
host structures. This lock is required to be held when updating
information pertaining to a host. The RPC handler for the
GiveUpAllCallBacks RPC did not hold this lock while performing its work.

This errata is already in SL 4.6. So it only applies to SL 40-45

SL 4.x

 SRPMS:
openafs.SLx-1.4.6-58.src.rpm
 i386:
openafs-1.4.6-58.SL4.i386.rpm
openafs-authlibs-1.4.6-58.SL4.i386.rpm
openafs-authlibs-devel-1.4.6-58.SL4.i386.rpm
openafs-client-1.4.6-58.SL4.i386.rpm
openafs-compat-1.4.6-58.SL4.i386.rpm
openafs-debug-1.4.6-58.SL4.i386.rpm
openafs-devel-1.4.6-58.SL4.i386.rpm
openafs-kernel-source-1.4.6-58.SL4.i386.rpm
openafs-kpasswd-1.4.6-58.SL4.i386.rpm
openafs-krb5-1.4.6-58.SL4.i386.rpm
openafs-server-1.4.6-58.SL4.i386.rpm
 x86_64:
openafs-1.4.6-58.SL4.x86_64.rpm
openafs-authlibs-1.4.6-58.SL4.x86_64.rpm
openafs-authlibs-devel-1.4.6-58.SL4.x86_64.rpm
openafs-client-1.4.6-58.SL4.x86_64.rpm
openafs-compat-1.4.6-58.SL4.x86_64.rpm
openafs-debug-1.4.6-58.SL4.x86_64.rpm
openafs-devel-1.4.6-58.SL4.x86_64.rpm
openafs-kernel-source-1.4.6-58.SL4.x86_64.rpm
openafs-kpasswd-1.4.6-58.SL4.x86_64.rpm
openafs-krb5-1.4.6-58.SL4.x86_64.rpm
openafs-server-1.4.6-58.SL4.x86_64.rpm

-Connie Sieh
-Troy Dawson