-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 22 Jul 2013 13:52:11 -0700 Source: openafs Binary: openafs-client openafs-fuse openafs-kpasswd openafs-fileserver openafs-dbserver openafs-doc openafs-krb5 libkopenafs1 libafsauthent1 libafsrpc1 libopenafs-dev openafs-modules-source openafs-modules-dkms libpam-openafs-kaserver openafs-dbg Architecture: source i386 all Version: 1.6.1-3+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Russ Allbery <rra@debian.org> Changed-By: Russ Allbery <rra@debian.org> Description: libafsauthent1 - AFS distributed file system runtime library (authentication) libafsrpc1 - AFS distributed file system runtime library (RPC layer) libkopenafs1 - AFS distributed file system runtime library (PAGs) libopenafs-dev - AFS distributed filesystem development libraries libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module openafs-client - AFS distributed filesystem client support openafs-dbg - AFS distributed filesystem debugging information openafs-dbserver - AFS distributed filesystem database server openafs-doc - AFS distributed filesystem documentation openafs-fileserver - AFS distributed filesystem file server openafs-fuse - AFS distributed file system experimental FUSE client openafs-kpasswd - AFS distributed filesystem old password changing openafs-krb5 - AFS distributed filesystem Kerberos 5 integration openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source openafs-modules-source - AFS distributed filesystem kernel module source Changes: openafs (1.6.1-3+deb7u1) wheezy-security; urgency=high . * Apply upstream security patches: - OPENAFS-SA-2013-003: New support for non-DES enctypes in the long-lived AFS key. This requires deploying rxkad.keytab files on each server containing all of the encryption types for the cell AFS key. Once this is deployed on servers, DES will only be used for the session key. Once deployed on all clients, a stronger security mechanism will be used that allows the DES keys to be removed from the AFS principal in the Kerberos KDC (but still uses DES for some session encryption purposes). (CVE-2013-4134) - OPENAFS-SA-2013-004: Properly support the -encrypt option in vos, including with -localauth. (CVE-2013-4135) Checksums-Sha1: 9903eeac3083c1f778b5886b1b768f1073e57d95 2544 openafs_1.6.1-3+deb7u1.dsc 10ff9f5826fb6fc65a7407fcc7972e887dfea76f 9139005 openafs_1.6.1.orig.tar.gz 373dbabd0a9e039007a1477413f3bc967169aa68 182141 openafs_1.6.1-3+deb7u1.debian.tar.gz f68daac8ce7a094f4c73fe6ca218902c39c760bb 3862188 openafs-client_1.6.1-3+deb7u1_i386.deb 9eefba01a837d82ed85e21ec2076aac95cb3d875 304210 openafs-fuse_1.6.1-3+deb7u1_i386.deb 2ed478e3132f2c15eb8c03fd22231dc802fa1e21 316440 openafs-kpasswd_1.6.1-3+deb7u1_i386.deb bd7b0efbd9edde106305181efdcb9b90ff89d86b 3296182 openafs-fileserver_1.6.1-3+deb7u1_i386.deb e1ae27b4a943748020fe8c267c9d338e114a2a40 765038 openafs-dbserver_1.6.1-3+deb7u1_i386.deb f402abe9f1dfef31e1c990cc486d4bcc5502378e 4640014 openafs-doc_1.6.1-3+deb7u1_all.deb b0851db864b42b9db3d0b08e136960bb873c8daa 380958 openafs-krb5_1.6.1-3+deb7u1_i386.deb c05df5cd1f13b6faf0654a1ea4497490a9172ca7 81374 libkopenafs1_1.6.1-3+deb7u1_i386.deb 56407e753b5733b6652e576289ffebc63d605eb1 160800 libafsauthent1_1.6.1-3+deb7u1_i386.deb ede89f7607623206ecacef0d1fc53447ccea664f 223516 libafsrpc1_1.6.1-3+deb7u1_i386.deb 7de8d5cd63696c9fbf4fcdfa23142eec53733035 2769576 libopenafs-dev_1.6.1-3+deb7u1_i386.deb 11fa37076facce4c41f648e68cf8ef56b14956cc 1111772 openafs-modules-source_1.6.1-3+deb7u1_all.deb f5d53e8010c84e1c4c2b65da19e5b5505dd303af 1358288 openafs-modules-dkms_1.6.1-3+deb7u1_all.deb aa85d200b438fdc2aacdd8b93b2601f418d2cf40 373692 libpam-openafs-kaserver_1.6.1-3+deb7u1_i386.deb 9f447a382c1f2a9cfb33a0b3847529ec303c3024 21223018 openafs-dbg_1.6.1-3+deb7u1_i386.deb Checksums-Sha256: 3699dbad1c4ca97a927abc9694af821ec6a6d2c54db135abf40b823143f06a02 2544 openafs_1.6.1-3+deb7u1.dsc 6152cddb407f7192bdd98215486c8af014c488d84d9a9a10b6b444b957c95b80 9139005 openafs_1.6.1.orig.tar.gz 5510145f0be796a972d90f114c750be729e855a1f38d61c85cdac580520d4354 182141 openafs_1.6.1-3+deb7u1.debian.tar.gz b5f78d1150b0a9bb533c836433f77d761223869270dbffdb30498fe970f357a8 3862188 openafs-client_1.6.1-3+deb7u1_i386.deb c934aa9dba6304f9e18c5059f13f163af3b05bd3e21a2d52cb412579c4f1c4e9 304210 openafs-fuse_1.6.1-3+deb7u1_i386.deb ecb6c90b13a14b0ab4ca069acfccebb7d4e42a16235eec115da4d9d2af3f829f 316440 openafs-kpasswd_1.6.1-3+deb7u1_i386.deb 7a2044cd032ad35ec74a1b8574bbea97b3aef4b768b722d5a206768b17fa5512 3296182 openafs-fileserver_1.6.1-3+deb7u1_i386.deb 757ae78e782d7d20ecec97d76dc5336abc6a34ca6bb34162d110f23d7338b6d0 765038 openafs-dbserver_1.6.1-3+deb7u1_i386.deb d662987a6b710d4aa0e9269d49d01e9238cb6ae075919694fe213992998becab 4640014 openafs-doc_1.6.1-3+deb7u1_all.deb d0281cc8c90391dc991e743a7835a2158182a6abac1603e94e6665af4c233f31 380958 openafs-krb5_1.6.1-3+deb7u1_i386.deb 60cc37e34190cf29a923e483b3ab670d8a01a55dd32cfee37324990b3ff33543 81374 libkopenafs1_1.6.1-3+deb7u1_i386.deb 9b9c9f2bbd374f355864b7bf19509920b1725cfb634172e2dd18a7d1afe3a446 160800 libafsauthent1_1.6.1-3+deb7u1_i386.deb 30ad554c79c3cc326a0bdae6cf3b3dc542d9f87584541ed0323b57f28c0fe969 223516 libafsrpc1_1.6.1-3+deb7u1_i386.deb 40ae5228c2e2e805185fd9cb5f11b85ecd91e3f13af201e3ddf2442315c4ce72 2769576 libopenafs-dev_1.6.1-3+deb7u1_i386.deb 6459f4ff9ed6b97390fcc9f993285b404a87a8b9406e753991c976a6dd753ec0 1111772 openafs-modules-source_1.6.1-3+deb7u1_all.deb 2bebaea1b22498082fca8e8ca080f431db1aca2060f7e9b2710f4c0d5be108cc 1358288 openafs-modules-dkms_1.6.1-3+deb7u1_all.deb 56f0cc24ee836081a7c94c86ff8974757a309c6366a343bbe57459593023fd7b 373692 libpam-openafs-kaserver_1.6.1-3+deb7u1_i386.deb b4e3427ee2629e3189496959a56af23dcad100764c456dea34f4a600bc101774 21223018 openafs-dbg_1.6.1-3+deb7u1_i386.deb Files: f97c67b64a2cd2548961d454ce8814a6 2544 net optional openafs_1.6.1-3+deb7u1.dsc cdcbad3987be21f4705ff27b38ad683d 9139005 net optional openafs_1.6.1.orig.tar.gz 01c6de52d30e40f0a518c89feb67cd9b 182141 net optional openafs_1.6.1-3+deb7u1.debian.tar.gz 3014c6358f5734e20ab2349a3f9e0967 3862188 net optional openafs-client_1.6.1-3+deb7u1_i386.deb 632846b836d41a6c90ca10b99f0ff262 304210 net extra openafs-fuse_1.6.1-3+deb7u1_i386.deb 0ebb25c18d9414671777a4cdacfdcc8f 316440 net extra openafs-kpasswd_1.6.1-3+deb7u1_i386.deb 67c8780eff397398ccb66db4ffdbf903 3296182 net optional openafs-fileserver_1.6.1-3+deb7u1_i386.deb 36f90e030e3f7e3f657987c047b9303b 765038 net optional openafs-dbserver_1.6.1-3+deb7u1_i386.deb 7a23572f1e9d3b7d781b8cc702e8df9d 4640014 doc optional openafs-doc_1.6.1-3+deb7u1_all.deb 935ee5ea826f7266785cafe13987e853 380958 net optional openafs-krb5_1.6.1-3+deb7u1_i386.deb 34b85fbb53179009258cbf93f04b318b 81374 libs optional libkopenafs1_1.6.1-3+deb7u1_i386.deb 2e2f8e5f0bb7b9d8727d24571b39769d 160800 libs optional libafsauthent1_1.6.1-3+deb7u1_i386.deb d55be616ff94bd4e66bea51d6c4756b6 223516 libs optional libafsrpc1_1.6.1-3+deb7u1_i386.deb f72d71e747e0619aec2ab659e53c55c3 2769576 libdevel extra libopenafs-dev_1.6.1-3+deb7u1_i386.deb 50f0919e4701e9c7b8b0032bd34e6728 1111772 kernel extra openafs-modules-source_1.6.1-3+deb7u1_all.deb eecfb8600f627a5a2fe01b15540a73ca 1358288 kernel extra openafs-modules-dkms_1.6.1-3+deb7u1_all.deb ec99b7da6c488eb914d404f649ff9a69 373692 admin extra libpam-openafs-kaserver_1.6.1-3+deb7u1_i386.deb 9d0ba52b5094e47bc1dc2896668c7133 21223018 debug extra openafs-dbg_1.6.1-3+deb7u1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJR8XLyAAoJEH2AMVxXNt51Ik0H/2CQJT7lr0UzI4Lv4KGMv0b9 Y2jAmPk3HSwS30T9FkWS7QLwI1HNJ06W0FvoEXoEMlUpqlWE3w0XJi/08pQ//I6U bR92Me+RfNfkFxOimH3Pp4dXLpMPDQOW5ZVxUeDOr0+kXJvs8s6irVm0L7J/qqL9 KCJGqr1GWfkivV3Nh9IUzmFolCekh8iUSfpzzQDSspHNc1FOK6nYpGNUQ4akcl+p DGTFs2/WwP8qSAROwFKk2ExaViytoCa7D4wZfWApxjbjhZ2wEet2+eAA3rlXX3ne 2RK0eYpj64HQ4QJP3ZKoZz88VAMTPB+YvsqwFzo6n3qkTkkZ3K8+hDzPp7Xkk+0= =EqS4 -----END PGP SIGNATURE-----