VDB
GCVE-110-MAGEIA-2014-515
GCVE-110-MAGEIA-2014-515
Advisory Published
Updated openafs packages fix security vulnerabilities:
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS
before 1.6.7 allows remote attackers to cause a denial of service (crash) via
a crafted statsVersion argument (CVE-2014-0159).
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails,
which allows remote attackers to cause a denial of service (performance
degradation) via an invalid packet (CVE-2014-2852).
OpenAFS 1.6.8 does not properly clear the fields in the host structure, which
allows remote attackers to cause a denial of service (uninitialized memory
access and crash) via unspecified vectors related to TMAY requests
(CVE-2014-4044).
The OpenAFS package has been updated to version 1.6.10, fixing these issues
and other bugs, as well as providing support for newer kernel versions.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | openafs | 0 (affected), 1.6.10-1.1.mga4 (unaffected) | — |
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.