Benjamin Kaduk
2017-12-05 16:19:41 UTC
The OpenAFS Security Team is pleased to announce the availability of
OpenAFS version 1.6.22 for UNIX/Linux. Source files can be accessed via
the web at:
https://www.openafs.org/dl/openafs/1.6.22/
or via AFS at:
/afs/grand.central.org/software/openafs/1.6.22/
\\afs\grand.central.org\software\openafs\1.6.22\
There are no binaries yet. Those will be uploaded as they become
available.
OpenAFS 1.6.22 is the next in the current series of stable releases of
OpenAFS for all platforms except Microsoft Windows.
This release fixes the vulnerability tracked as OPENAFS-SA-2017-001.
OPENAFS-SA-2017-001: Rx denial of service (assertion failure) due
to insufficient validation of received transport parameters
For more details please see
https://dl.openafs.org/dl/1.6.22/RELNOTES-1.6.22
https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
Bug reports should be filed to openafs-***@openafs.org.
ACKNOWLEDGEMENTS
OPENAFS-SA-2017-001 was reported by the team at AuriStor, Inc.
Benjamin Kaduk
OpenAFS Security Officer
OpenAFS version 1.6.22 for UNIX/Linux. Source files can be accessed via
the web at:
https://www.openafs.org/dl/openafs/1.6.22/
or via AFS at:
/afs/grand.central.org/software/openafs/1.6.22/
\\afs\grand.central.org\software\openafs\1.6.22\
There are no binaries yet. Those will be uploaded as they become
available.
OpenAFS 1.6.22 is the next in the current series of stable releases of
OpenAFS for all platforms except Microsoft Windows.
This release fixes the vulnerability tracked as OPENAFS-SA-2017-001.
OPENAFS-SA-2017-001: Rx denial of service (assertion failure) due
to insufficient validation of received transport parameters
For more details please see
https://dl.openafs.org/dl/1.6.22/RELNOTES-1.6.22
https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
Bug reports should be filed to openafs-***@openafs.org.
ACKNOWLEDGEMENTS
OPENAFS-SA-2017-001 was reported by the team at AuriStor, Inc.
Benjamin Kaduk
OpenAFS Security Officer