[OpenAFS-announce] OpenAFS security release 1.6.20 available

Benjamin Kaduk openafs-info@openafs.org
Wed, 30 Nov 2016 19:12:36 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The OpenAFS Security Team is pleased to announce the availability of
OpenAFS version 1.6.20 for UNIX/Linux. Source files can be accessed via
the web at:

  https://www.openafs.org/dl/openafs/1.6.20/

or via AFS at:

   /afs/grand.central.org/software/openafs/1.6.20/
  \\afs\grand.central.org\software\openafs\1.6.20\

There are no binaries yet. Those will be uploaded as they become
available.

OpenAFS 1.6.20 is the next in the current series of stable releases of
OpenAFS for all platforms except Microsoft Windows.

This release fixes the vulnerability tracked as OPENAFS-SA-2016-003.

OPENAFS-SA-2016-003: Directory information (file/directory names, etc.)
leakage over the network due to buffer reuse without zeroing

For more details please see

  https://dl.openafs.org/dl/1.6.20/RELNOTES-1.6.20

  https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt

Bug reports should be filed to openafs-bugs@openafs.org.

ACKNOWLEDGEMENTS

OPENAFS-SA-2016-003 was reported by Mark Vitale

Benjamin Kaduk
OpenAFS Security Officer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGgBAEBCgAGBQJYP3i7AAoJECjZpvNk63USd8wMHiY+7TFn6VYOYurdj6LqEMij
tZgGjDQNbcYqhhWr6/aEl9p7gMgZRhy9G/6NSM5P5kShVkj9S8P6GGArfTeMFOsu
vKaJl4Dvmcn55Uh+ENOcWt2E4aINTLwVNeSe2fvt4w7wQzxZ+jtHbVFdlm8tCSiz
aePx4H7pv0aYwDhnPO7yyN0ifUgbNUZCSUgN3lemJuX3lHavXI2lOZPJ9ze76o3d
EXm35rrgOWOMpLAr8VkZLwm3oxp5QUNSX1Tbq2XwOhTnpdf5uqYChsisU3bxxq+k
Hyl2BF907uzNTCe9kQaeGjtrmCIAsibZMv2VaH2oF8iKrd/ovJ5gt7Vx0HJJrNjx
RM2r/juVrdndD+iucTUGZtlhodVTP9Awe5vhlsyTxpIoqmAJdjK1vhW1jBgzEWA+
Be9gP5e25TkQXgFbS6WzIpgo3w3snjDtK8cxST3hOGSSuApyolk8kE1wGJF6V7fe
kT21NqHpOvJTwjnQQNBX2d17vdxl6rAN8bujlHC1yu1jr5M=
=FJn9
-----END PGP SIGNATURE-----