[OpenAFS-announce] OpenAFS security release 1.6.22 available

Benjamin Kaduk openafs-info@openafs.org
Tue, 5 Dec 2017 10:19:41 -0600


--T7mxYSe680VjQnyC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


The OpenAFS Security Team is pleased to announce the availability of
OpenAFS version 1.6.22 for UNIX/Linux.  Source files can be accessed via
the web at:

  https://www.openafs.org/dl/openafs/1.6.22/

or via AFS at:

   /afs/grand.central.org/software/openafs/1.6.22/
  \\afs\grand.central.org\software\openafs\1.6.22\

There are no binaries yet. Those will be uploaded as they become
available.

OpenAFS 1.6.22 is the next in the current series of stable releases of
OpenAFS for all platforms except Microsoft Windows.

This release fixes the vulnerability tracked as OPENAFS-SA-2017-001.

OPENAFS-SA-2017-001: Rx denial of service (assertion failure) due
to insufficient validation of received transport parameters

For more details please see

  https://dl.openafs.org/dl/1.6.22/RELNOTES-1.6.22

  https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt

Bug reports should be filed to openafs-bugs@openafs.org.

ACKNOWLEDGEMENTS

OPENAFS-SA-2017-001 was reported by the team at AuriStor, Inc.

Benjamin Kaduk
OpenAFS Security Officer

--T7mxYSe680VjQnyC
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQG3BAABCgAdFiEE2WGV4E2ARf9BYP0XKNmm82TrdRIFAlomxxgACgkQKNmm82Tr
dRJfygwePIceHnZWfk9IwDH19m7Tk2y/bWQk5RFJne92dcWlwhJpf75QtHcO/Szn
r1KUK14uBV+OUwE7tGapaWkY61xnj/rmqWM4cg9vJb4fkv5zLjgVrmIA8WPpZBXR
GNy0N6XZ5DydUE1+fM/tTE8MwAaB4jNA3ZLLNQ8STtDMyV+H6y/0AP2MdVJLKRpG
JJ+GmLXhj7NPhqHqcc9mdV+NZhYkADv79Duv0iFx3X9ZU18f6Jg1uv2if161DF5l
8u6QhY8ScqgQSxAr7w5a99lL+3D2q6Ugn3THkMdigzVW16Ia2IjlZDyzUT1Xffvb
TEhuJveVbLGnmwNOPsrL5yzdUwoOu8dyrYIYoM/BTgqr7p6n3lBrqd75dbOu2mhM
ILdahM7ht9PDFlRt/lmbKHAOctd++oyUzAAaN+XJeTIBL4P3BjCV+S2b2GWuqUeS
u4fAJuFnqOh//f46cwUVlZ+LL0hU1oLwOInDlbmHXczTJUustmWRfusvIM+4ywCx
pkH77Et4tujImQ==
=HsBa
-----END PGP SIGNATURE-----

--T7mxYSe680VjQnyC--