Information on source package openafs

Available versions

Release   Version
jessie    1.6.9-2+deb8u9
stretch   1.6.20-2+deb9u2
buster    1.8.2-1+deb10u1
bullseye  1.8.6-5
bookworm  1.8.9-1
sid       1.8.13-1

Open issues

Bug             jessie      stretch              buster               bullseye    bookworm    sid    Description
CVE-2024-10397  vulnerable  vulnerable           vulnerable           vulnerable  vulnerable  fixed  A malicious server can crash the OpenAFS cache manager and other clien ...
CVE-2024-10396  vulnerable  vulnerable           vulnerable           vulnerable  vulnerable  fixed  An authenticated user can provide a malformed ACL to the fileserver's ...
CVE-2024-10394  vulnerable  vulnerable           vulnerable           vulnerable  vulnerable  fixed  A local user can bypass the OpenAFS PAG (Process Authentication Group) ...
CVE-2019-18603  fixed       vulnerable (no DSA)  vulnerable (no DSA)  fixed       fixed       fixed  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information l ...
CVE-2019-18602  fixed       vulnerable (no DSA)  vulnerable (no DSA)  fixed       fixed       fixed  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an informatio ...
CVE-2019-18601  fixed       vulnerable (no DSA)  vulnerable (no DSA)  fixed       fixed       fixed  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of ser ...

Resolved issues

Bug             Description
CVE-2018-16949  An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...
CVE-2018-16948  An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...
CVE-2018-16947  An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...
CVE-2017-17432  OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, w ...
CVE-2016-9772   OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive ...
CVE-2016-4536   The client in OpenAFS before 1.6.17 does not properly initialize the ( ...
CVE-2016-2860   The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 a ...
CVE-2015-8312   Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow ...
CVE-2015-7763   rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7 ...
CVE-2015-7762   rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not prop ...
CVE-2015-6587   The vlserver in OpenAFS before 1.6.13 allows remote authenticated user ...
CVE-2015-3286   Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6. ...
CVE-2015-3285   The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wr ...
CVE-2015-3284   pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kern ...
CVE-2015-3283   OpenAFS before 1.6.13 allows remote attackers to spoof bos commands vi ...
CVE-2015-3282   vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remot ...
CVE-2014-4044   OpenAFS 1.6.8 does not properly clear the fields in the host structure ...
CVE-2014-2852   OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckRespons ...
CVE-2014-0159   Buffer overflow in the GetStatistics64 remote procedure call (RPC) in ...
CVE-2013-4135   The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt ...
CVE-2013-4134   OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 use ...
CVE-2013-1795   Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote att ...
CVE-2013-1794   Buffer overflow in certain client utilities in OpenAFS before 1.6.2 al ...
CVE-2011-0431   The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel ...
CVE-2011-0430   Double free vulnerability in the Rx server process in OpenAFS 1.4.14, ...
CVE-2009-1251   Heap-based buffer overflow in the cache manager in the client in OpenA ...
CVE-2009-1250   The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 ...
CVE-2007-6599   Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 ...
CVE-2007-1507   The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x befo ...
CVE-2002-0391   Integer overflow in xdr_array function in RPC servers for operating sy ...

Security announcements

DSA / DLA   Description
DLA-1982-1  openafs - security update
DSA-4302-1  openafs - security update
DLA-1513-1  openafs - security update
DLA-1213-1  openafs - security update
DSA-4067-1  openafs - security update
DLA-733-1   openafs - security update
DLA-493-1   openafs - security update
DSA-3569-1  openafs - security update
DLA-342-1   openafs - security update
DSA-3387-1  openafs - security update
DSA-3320-1  openafs - security update
DSA-2899-1  openafs - security update
DSA-2729-1  openafs - several
DSA-2638-1  openafs - buffer overflow
DSA-2168-1  openafs - several
DSA-1768-1  openafs - potential code execution
DSA-1458-1  openafs
DSA-1271-1  openafs - design error
DSA-142     openafs - integer overflow
