-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 22 Jul 2013 15:27:04 -0700 Source: openafs Binary: openafs-client openafs-kpasswd openafs-fileserver openafs-dbserver openafs-doc openafs-krb5 libopenafs-dev openafs-modules-source openafs-modules-dkms libpam-openafs-kaserver openafs-dbg Architecture: source all i386 Version: 1.4.12.1+dfsg-4+squeeze2 Distribution: squeeze-security Urgency: high Maintainer: Russ Allbery <rra@debian.org> Changed-By: Russ Allbery <rra@debian.org> Description: libopenafs-dev - AFS distributed filesystem development libraries libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module openafs-client - AFS distributed filesystem client support openafs-dbg - AFS distributed filesystem debugging information openafs-dbserver - AFS distributed filesystem database server openafs-doc - AFS distributed filesystem documentation openafs-fileserver - AFS distributed filesystem file server openafs-kpasswd - AFS distributed filesystem old password changing openafs-krb5 - AFS distributed filesystem Kerberos 5 integration openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source openafs-modules-source - AFS distributed filesystem kernel module source Changes: openafs (1.4.12.1+dfsg-4+squeeze2) squeeze-security; urgency=high . * Apply upstream security patches: - OPENAFS-SA-2013-003: New support for non-DES enctypes in the long-lived AFS key. This requires deploying rxkad.keytab files on each server containing all of the encryption types for the cell AFS key. Once this is deployed on servers, DES will only be used for the session key. Once deployed on all clients, a stronger security mechanism will be used that allows the DES keys to be removed from the AFS principal in the Kerberos KDC (but still uses DES for some session encryption purposes). (CVE-2013-4134) - OPENAFS-SA-2013-004: Properly support the -encrypt option in vos, including with -localauth. (CVE-2013-4135) Checksums-Sha1: d45bcac0959ab3af0cb8249be2c8c8aad34bcff3 1969 openafs_1.4.12.1+dfsg-4+squeeze2.dsc 4a8f8f9df4f0d3b094c8eabe6704562eae9b136e 185234 openafs_1.4.12.1+dfsg-4+squeeze2.diff.gz 75b534c31095ad78818df4d3293446a70f32d425 4483214 openafs-doc_1.4.12.1+dfsg-4+squeeze2_all.deb 9fe8772666aad27eefd42939335452e1e6467af6 3052658 openafs-client_1.4.12.1+dfsg-4+squeeze2_i386.deb e43980f83aae3a482aeed581dfadb127021c6371 275510 openafs-kpasswd_1.4.12.1+dfsg-4+squeeze2_i386.deb 6bbc5e8d91f38da9676e0e577a9acf443e97b7de 1134350 openafs-fileserver_1.4.12.1+dfsg-4+squeeze2_i386.deb 7e0d554e9a7e3576fd925ac9a932b3556d6cf172 591204 openafs-dbserver_1.4.12.1+dfsg-4+squeeze2_i386.deb 6c6d8d437c15051952d312ee378b849cb5425ddf 286756 openafs-krb5_1.4.12.1+dfsg-4+squeeze2_i386.deb 3c888cded8a0fac0d0234f2102ea7b59be3b0e4c 2191038 libopenafs-dev_1.4.12.1+dfsg-4+squeeze2_i386.deb c29c4c85d9e8741f5679eaaaf084baf0d99a61f3 908706 openafs-modules-source_1.4.12.1+dfsg-4+squeeze2_i386.deb a6def59db06dbc831ac69d333722d9a8216cd573 1082678 openafs-modules-dkms_1.4.12.1+dfsg-4+squeeze2_i386.deb 39aa0b104786fb9b69355f48e1f7de690af84ac7 439404 libpam-openafs-kaserver_1.4.12.1+dfsg-4+squeeze2_i386.deb 1337229fb9f3a6a2e0f16d6eccd3f8aaa88c7004 2840414 openafs-dbg_1.4.12.1+dfsg-4+squeeze2_i386.deb Checksums-Sha256: 6430cb46dce1b51d48b0a5b69727335dfd26a9b836e349b553eabeb151d72e9c 1969 openafs_1.4.12.1+dfsg-4+squeeze2.dsc 00e2839940cbe80badd8b08c253fa1867fd221b1695dcb8245144357c6699447 185234 openafs_1.4.12.1+dfsg-4+squeeze2.diff.gz 1d22bac0f46baf03d77152b8ed8463aac06e5627b094361272b5042aac8ed0aa 4483214 openafs-doc_1.4.12.1+dfsg-4+squeeze2_all.deb fad6586e476997908ec7d8625b9ce061d3894bbeba423d0e70f14f17a9858206 3052658 openafs-client_1.4.12.1+dfsg-4+squeeze2_i386.deb c0f2c9beb556460b87a4111a1267bb3baca9471eb7fe77e62056e2c7407f9de5 275510 openafs-kpasswd_1.4.12.1+dfsg-4+squeeze2_i386.deb 53236a905d3b54069228f5e51ce343ba20af074e742fba88d8e530b2c1199345 1134350 openafs-fileserver_1.4.12.1+dfsg-4+squeeze2_i386.deb 7af3d145493474842041cf27e2658b8be8c21cb7427d5cf94c9a893b161c453e 591204 openafs-dbserver_1.4.12.1+dfsg-4+squeeze2_i386.deb b6091e9e51d60597ada4a32534f73b8db219a6bb898112da558387829baa903b 286756 openafs-krb5_1.4.12.1+dfsg-4+squeeze2_i386.deb 1fac162478808b1eb6cbb4646d48ecf85130c619c5e69fc8faa29ad47e5d4d1d 2191038 libopenafs-dev_1.4.12.1+dfsg-4+squeeze2_i386.deb 7a3e8caa64949455b82501be4e0f6b7d2e5038506fa36dcf241c66972f7c10da 908706 openafs-modules-source_1.4.12.1+dfsg-4+squeeze2_i386.deb fe16aafe7c4fb4c0b853dab564f84b63f3cfa1629cbefa645d72649fb3775084 1082678 openafs-modules-dkms_1.4.12.1+dfsg-4+squeeze2_i386.deb d07c2d3a636170b51caeb7fa5b36f79277af6120db35dfb505607868681d2d44 439404 libpam-openafs-kaserver_1.4.12.1+dfsg-4+squeeze2_i386.deb 0c58d4054d2183ff7dddad1c00de4fe6ac018ace17e4b8cf98a3cc1703a17060 2840414 openafs-dbg_1.4.12.1+dfsg-4+squeeze2_i386.deb Files: 8c215bff477de196e0d235c176ab8a12 1969 net optional openafs_1.4.12.1+dfsg-4+squeeze2.dsc 5be163ea56bbee9ebedb464e97e13422 185234 net optional openafs_1.4.12.1+dfsg-4+squeeze2.diff.gz 5682c9dce71db6f5fcb461435902a05f 4483214 doc optional openafs-doc_1.4.12.1+dfsg-4+squeeze2_all.deb c5262deaef0e8475a807abe7f4e2517a 3052658 net optional openafs-client_1.4.12.1+dfsg-4+squeeze2_i386.deb b60cfadc48005b87fc72a12ace0201c2 275510 net extra openafs-kpasswd_1.4.12.1+dfsg-4+squeeze2_i386.deb 033deeec470a6a38656d3c0dfce9a199 1134350 net optional openafs-fileserver_1.4.12.1+dfsg-4+squeeze2_i386.deb fd5762064fe8ad4e345956e860ea5e19 591204 net optional openafs-dbserver_1.4.12.1+dfsg-4+squeeze2_i386.deb 2e550178c24f5a65578967854d4c69c5 286756 net optional openafs-krb5_1.4.12.1+dfsg-4+squeeze2_i386.deb 5bbdae20176550cda236e885dd418e50 2191038 libdevel extra libopenafs-dev_1.4.12.1+dfsg-4+squeeze2_i386.deb 1038c8b8e580734b83963f439cda3362 908706 kernel extra openafs-modules-source_1.4.12.1+dfsg-4+squeeze2_i386.deb 0cf19223bc88f464ffe589f90e4d191f 1082678 kernel extra openafs-modules-dkms_1.4.12.1+dfsg-4+squeeze2_i386.deb fb12d45a0d6651a01a6c3521e1f155f3 439404 admin extra libpam-openafs-kaserver_1.4.12.1+dfsg-4+squeeze2_i386.deb 308a682c12aeeb9d194ae18d6dd96b15 2840414 debug extra openafs-dbg_1.4.12.1+dfsg-4+squeeze2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJR8g3LAAoJEH2AMVxXNt51EZYIAIpt+qjNSbW53se8jAd65IfL IIpfl9PMJcBNpMaotTBR2HbVRuaWpGuIwCivaOK0IOsco2+xoqGqpK4NBpP/Gt7o 2YeBp07OaCAXPddHyPP4kHKErGBgCr9alSTRrcm+r0weGmanfhaxF7Zt2b5GbAM7 xOnj5ta0e78+FQbJSu5AriexZ94UDNEPrczndYwk3Cnb1tsuf4GbHgbpIiH0jUS6 hCktOfgl0C2Lzs0sDk0vULid0nvPP0z4Mv4MjuJyT8mkm15EtEtkiIjVx7BGmUH5 5FcKtMZLB+M1oaFKG/5zNNPxPxQZI0Lwv67ZXMrossFspWK4OnyObCZV8TIVJNY= =3kbE -----END PGP SIGNATURE-----