Bug 17050 - openafs new security issues CVE-2015-7762 and CVE-2015-7763
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/662545/
Whiteboard: has_procedure advisory mga5-64-ok
Keywords: validated_update
Reported: 2015-10-30 15:25 CET by David Walser
Modified: 2015-11-02 21:22 CET
Source RPM: openafs-1.6.13-1.mga5.src.rpm

Description David Walser 2015-10-30 15:25:07 CET
Upstream has issued an advisory on October 28:
http://openafs.org/pages/security/OPENAFS-SA-2015-007.txt

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated openafs packages fix security vulnerabilities:

When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx
implementations do not initialize three octets of data that are padding
in the C language structure and were inadvertently included in the wire
protocol (CVE-2015-7762).

Additionally, OpenAFS Rx before version 1.6.14 includes a variable-length
padding at the end of the ACK packet, in an attempt to detect the path MTU,
but only four octets of the additional padding are initialized
(CVE-2015-7763).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7763
http://openafs.org/pages/security/OPENAFS-SA-2015-007.txt
http://openafs.org/dl/openafs/1.6.14/RELNOTES-1.6.14
http://openafs.org/dl/openafs/1.6.14.1/RELNOTES-1.6.14.1
http://openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15
https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html
========================

Updated packages in core/updates_testing:
========================
openafs-1.6.15-1.mga5
openafs-client-1.6.15-1.mga5
openafs-server-1.6.15-1.mga5
libopenafs1-1.6.15-1.mga5
libopenafs-devel-1.6.15-1.mga5
libopenafs-static-devel-1.6.15-1.mga5
dkms-libafs-1.6.15-1.mga5
openafs-doc-1.6.15-1.mga5

from openafs-1.6.15-1.mga5.src.rpm
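
The padding leak described in the advisory text above, as an added C example that is not part of the original report and is not OpenAFS code. `struct ack_pkt` is a hypothetical layout chosen to produce three octets of tail padding, the buffer is pre-filled with a constructed `0xAA` marker standing in for stale memory, and every name and value here is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_ACKS 255
#define STALE 0xAA            /* constructed marker standing in for leftover memory */

/* Hypothetical ACK layout (an assumption, not OpenAFS source): 273 octets of
 * fields, which the compiler rounds up to 276 for 4-byte alignment. */
struct ack_pkt {
    uint16_t buffer_space, max_skew;
    uint32_t first_packet, previous_packet, serial;
    uint8_t  reason, n_acks;
    uint8_t  acks[MAX_ACKS];
};

/* Serialize the struct plus mtu_pad probe octets; returns the wire length. */
size_t build_ack(uint8_t *wire, size_t mtu_pad, int hardened)
{
    size_t len = sizeof(struct ack_pkt) + mtu_pad;
    uint32_t serial = 7, trailer = 1444;            /* constructed values */
    if (hardened)
        memset(wire, 0, len);                       /* zero every octet that will be sent */
    /* Field-by-field fill: only named members receive a value. */
    memset(wire, 0, offsetof(struct ack_pkt, serial));
    memcpy(wire + offsetof(struct ack_pkt, serial), &serial, sizeof serial);
    wire[offsetof(struct ack_pkt, reason)] = 2;
    wire[offsetof(struct ack_pkt, n_acks)] = MAX_ACKS;
    memset(wire + offsetof(struct ack_pkt, acks), 1, MAX_ACKS);
    if (mtu_pad >= sizeof trailer)                  /* only four padding octets are set */
        memcpy(wire + sizeof(struct ack_pkt), &trailer, sizeof trailer);
    return len;
}

/* Count marker octets that would leave the host in one packet. */
size_t leaked_octets(size_t mtu_pad, int hardened)
{
    static uint8_t wire[sizeof(struct ack_pkt) + 1024];
    size_t i, n = 0, len;
    if (mtu_pad > 1024) mtu_pad = 1024;
    memset(wire, STALE, sizeof wire);               /* simulate reused memory */
    len = build_ack(wire, mtu_pad, hardened);
    for (i = 0; i < len; i++) n += (wire[i] == STALE);
    return n;
}

int main(void) {
    printf("unpatched: %zu stale octets, zeroed: %zu\n", leaked_octets(64, 0), leaked_octets(64, 1));
}
```

Zeroing the whole outgoing length before filling fields covers both the structure padding and the variable-length tail in one step, which is why the hardened path reports no marker octets.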

Comment 1 Paul Blackburn 2015-11-02 16:02:12 CET
testing x86_64

CC: (none) => paul.blackburn

Comment 2 Paul Blackburn 2015-11-02 18:52:21 CET
x86_64 version tested and working OK.

I have made some changes to the OpenAFS wiki page
for the introduction of systemctl in this update.
ref: https://wiki.mageia.org/en/Installing_OpenAFS_Client

Comment 3 claire robinson 2015-11-02 19:10:32 CET
Thanks Paul. Adding the OK.

Whiteboard: (none) => has_procedure mga5-64-ok

Comment 4 claire robinson 2015-11-02 19:14:01 CET
Validating. Advisory uploaded (with bad commit msg).

Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok
CC: (none) => sysadmin-bugs

Comment 5 David Walser 2015-11-02 20:53:12 CET
Debian has issued an advisory for this on November 1:
https://www.debian.org/security/2015/dsa-3387

Comment 6 Mageia Robot 2015-11-02 21:22:28 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0424.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED