Russ Allbery uploaded new packages for openafs (a distributed file system)
which fixed the following security problems:
CVE-2009-1251

  An attacker with control of a file server or the ability to forge RX
  packets may be able to execute arbitrary code in kernel mode on an
  OpenAFS client, due to a vulnerability in XDR array decoding.

CVE-2009-1250

  An attacker with control of a file server or the ability to forge RX
  packets may crash OpenAFS clients because of wrongly handled error
  return codes in the kernel module.
For the etch-backports distribution, these problems have been fixed in
version 1.4.10+dfsg1-1~bpo40+1. There was no previous lenny backport of
this package, so the fixed packages available through normal Debian
security channels will work, but 1.4.10+dfsg1-1~bpo50+1 packages are also
available (or will be available soon) from lenny-backports so that the
etch-backports version is not higher than the lenny-backports version.
If you don't use pinning
(http://backports.org/dokuwiki/doku.php?id=instructions), you have to
update the packages manually via apt-get -t etch-backports install. You
should upgrade any of the following binary packages that you have
installed:
  libopenafs-dev
  libpam-openafs-kaserver
  openafs-client
  openafs-dbg
  openafs-dbserver
  openafs-doc
  openafs-fileserver
  openafs-kpasswd
  openafs-krb5
  openafs-modules-source

to keep versions consistent, but openafs-modules-source is the critical
package with the security fix.
We recommend pinning the backports repository to priority 200 so that new
versions of installed backports will be installed automatically:
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Note that in order to apply this security update, you must rebuild the
OpenAFS kernel module. Be sure to upgrade openafs-modules-source, build a
new kernel module for your system following the instructions in
/usr/share/doc/openafs-client/README.modules.gz, and then either stop and
restart openafs-client or reboot the system to reload the kernel module.
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>