Russ Allbery uploaded new packages for openafs (a distributed file system)
which fixed the following security problems:

CVE-2009-1251

An attacker with control of a file server or the ability to forge RX packets
may be able to execute arbitrary code in kernel mode on an OpenAFS client,
due to a vulnerability in XDR array decoding.

CVE-2009-1250

An attacker with control of a file server or the ability to forge RX packets
may crash OpenAFS clients because of wrongly handled error return codes in
the kernel module.

For the etch-backports distribution, the problem has been fixed in version
1.4.10+dfsg1-1~bpo40+1.

There was no previous lenny backport of this package, so the fixed packages
available through normal Debian security channels will work, but
1.4.10+dfsg1-1~bpo50+1 is also available (or will be available soon) from
lenny-backports so that the etch-backports version wouldn't be higher than
the lenny-backports version.

Upgrade instructions
--------------------

If you don't use pinning (http://backports.org/dokuwiki/doku.php?id=instructions)
you have to update the package manually via apt-get -t etch-backports install.

You should upgrade any of the following binary packages that you have
installed:

libopenafs-dev
libpam-openafs-kaserver
openafs-client
openafs-dbg
openafs-dbserver
openafs-doc
openafs-fileserver
openafs-kpasswd
openafs-krb5
openafs-modules-source

to keep versions consistent, but openafs-modules-source is the critical
package with the security fix.

We recommend pinning the backports repository to 200 so that new versions of
installed backports will be installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

Note that in order to apply this security update, you must rebuild the
OpenAFS kernel module. Be sure to upgrade openafs-modules-source, build a new
kernel module for your system following the instructions in
/usr/share/doc/openafs-client/README.modules.gz, and then either stop and
restart openafs-client or reboot the system to reload the kernel module.

-- 
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
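The advisory relies on Debian version ordering (the etch backport 1.4.10+dfsg1-1~bpo40+1 must sort below the lenny backport 1.4.10+dfsg1-1~bpo50+1, which in turn sorts below a plain 1.4.10+dfsg1-1, because "~" sorts before anything else) and asks that all installed openafs binary packages be kept at a consistent version. The following is an added example, not code from the advisory or from Debian: it reimplements the dpkg version comparison rules in Python and runs an audit over constructed `dpkg-query -W -f='${Package} ${Version}\n'` output. The package names and the fixed version come from the advisory; the sample installed versions are constructed and the helper names (`deb_version_cmp`, `audit`) are this example's own.

```python
"""Audit installed OpenAFS packages against the advisory's fixed version.

Added example: a Debian version comparator following dpkg's ordering rules
('~' sorts before everything, digit runs compare numerically) applied to
constructed dpkg-query output. Not part of the advisory or of dpkg itself.
"""

FIXED_VERSION = "1.4.10+dfsg1-1~bpo40+1"  # etch-backports fix from the advisory

# Binary packages listed in the advisory.
OPENAFS_PACKAGES = {
    "libopenafs-dev", "libpam-openafs-kaserver", "openafs-client",
    "openafs-dbg", "openafs-dbserver", "openafs-doc", "openafs-fileserver",
    "openafs-kpasswd", "openafs-krb5", "openafs-modules-source",
}


def _order(c):
    """dpkg character weight: '~' < end-of-string/digit < letters < others."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two version fragments as dpkg does: alternate non-digit runs
    (by character weight) and digit runs (numerically, ignoring leading zeros)."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc  # only reached when both sides still have a char
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1   # a has more digits: larger number
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def deb_version_cmp(a, b):
    """Return <0, 0 or >0, like `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def parse_dpkg_query(text):
    """Parse 'package version' lines into a dict, skipping malformed lines."""
    installed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            installed[parts[0]] = parts[1]
    return installed


def audit(installed, fixed=FIXED_VERSION):
    """Return (outdated, inconsistent): the openafs packages still below the
    fixed version, and whether the installed openafs packages disagree on
    version (the advisory asks for them to be kept consistent)."""
    present = {p: v for p, v in installed.items() if p in OPENAFS_PACKAGES}
    outdated = sorted(p for p, v in present.items() if deb_version_cmp(v, fixed) < 0)
    inconsistent = len(set(present.values())) > 1
    return outdated, inconsistent


# Constructed sample output; these installed versions are illustrative only.
SAMPLE_DPKG_OUTPUT = """\
libc6 2.3.6.ds1-13
openafs-client 1.4.2-6
openafs-krb5 1.4.10+dfsg1-1~bpo50+1
openafs-modules-source 1.4.10+dfsg1-1~bpo40+1
openafs-dbg 1.4.10+dfsg1-1~bpo40+1
"""

if __name__ == "__main__":
    outdated, inconsistent = audit(parse_dpkg_query(SAMPLE_DPKG_OUTPUT))
    print("openafs packages below the fixed version:", outdated)
    print("openafs packages at mixed versions:", inconsistent)
```

On a real host, feed `audit()` the output of `dpkg-query -W -f='${Package} ${Version}\n'` instead of the constructed sample; a package from lenny-backports (~bpo50) passes against the etch fixed version because the comparison is "at least the fixed version", while a client still at the pre-backport version is reported. Note that the audit covers package versions only; as the advisory says, the running kernel module must still be rebuilt from the upgraded openafs-modules-source and reloaded.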