-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Sep 2018 21:06:09 +0200 Source: openafs Binary: openafs-client openafs-fuse openafs-kpasswd openafs-fileserver openafs-dbserver openafs-doc openafs-krb5 libkopenafs1 libafsauthent1 libafsrpc1 libopenafs-dev openafs-modules-source openafs-modules-dkms libpam-openafs-kaserver Architecture: source Version: 1.6.20-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Benjamin Kaduk <kaduk@mit.edu> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 908616 Description: libafsauthent1 - AFS distributed file system runtime library (authentication) libafsrpc1 - AFS distributed file system runtime library (RPC layer) libkopenafs1 - AFS distributed file system runtime library (PAGs) libopenafs-dev - AFS distributed filesystem development libraries libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module openafs-client - AFS distributed filesystem client support openafs-dbserver - AFS distributed filesystem database server openafs-doc - AFS distributed filesystem documentation openafs-fileserver - AFS distributed filesystem file server openafs-fuse - AFS distributed file system experimental FUSE client openafs-kpasswd - AFS distributed filesystem old password changing openafs-krb5 - AFS distributed filesystem Kerberos 5 integration openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source openafs-modules-source - AFS distributed filesystem kernel module source Changes: openafs (1.6.20-2+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Volume-level data replacement via unauthenticated butc connections (CVE-2018-16947) (Closes: #908616) * Information leakage from uninitialized RPC output variables (CVE-2018-16948) (Closes: #908616) * Denial of service due to excess resource consumption (CVE-2018-16949) (Closes: #908616) Checksums-Sha1: 72ddecd763724698e91bea1db332c7dde4c823dd 4049 openafs_1.6.20-2+deb9u2.dsc 440f93287c5eb88649532504a26b8d0fbea716ee 153260 openafs_1.6.20-2+deb9u2.debian.tar.xz Checksums-Sha256: 9a5ddfecce5a6b2c5b7f849baa3d7cd634c6f4389b27cafb52106e533fbece44 4049 openafs_1.6.20-2+deb9u2.dsc e43e6c8d589493de136a319731d425c51a01b981ca5ed44e9f36073d2e5a8b9a 153260 openafs_1.6.20-2+deb9u2.debian.tar.xz Files: c6e04c222acdece498c2bfb48c37509d 4049 net optional openafs_1.6.20-2+deb9u2.dsc 70b9b174205490105ffab0940ec2ad66 153260 net optional openafs_1.6.20-2+deb9u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlulSfVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E6S8P+QFT9YEKDwuKQ6AuIWVdUwbAonA9t5uo UwXOYYw9mGk4A0E/DzHyGYOQwyGt/s8ufBy09qfIz+oiTH/yRzuebnJgwqAqveQK vtBUcm4hXsikMrMrt6bAHEtNjXVgGRafeBswB6EXu2ZChS8M89vEYLKGS/uWlATk S9FMhUkq7wiUSbDbhCalFJ3rKFHgU72G70CHHEK9hEU9ORsu0WscUhetdrT3MEHu hAjAb3ADtPXQpxBsLTaM0WoTQmQOExLX8KuWpuvwa6RfUKhLvJ2bJUeYrt846m7B h37NKNSZmEqwXE2thHOLTvVIUeuMR4O/34gQRJs9IGQMP91OOWZP3wvs/Fo3BBs6 /e7PVpqBaxKVtEv54M0hTnoE4ZBf7Zkzq7XxdB04VHqHo8AagKljzpO/5ud9r6Au Q6LNz0jMNVBdMlTmXAE0birItCZbXuDiJD5KZsGAe+0/6BDLhVVvDCIB0f56SZvF roGJfKvZZ8jPm4GvK4IdhXX0r1IRS8nG6NBqJb+B315tF4ntLmgCpFtKEFIh0Nf5 Igi0OAvMie28g7jMJgQohuhRKaYIA9nTAn0uYSTOAPaOYlt6i+yAW8gfptsm0IVq /irDrwmk7vkpnbVJjbxYwIKUrujdJpHxQeUm0J3RRw131iP4pWlzzWHfcmsuBK/i 2RFn8Nh8KmcL =okna -----END PGP SIGNATURE-----