{"id":"MGASA-2015-0424","summary":"Updated openafs packages fix security vulnerabilities","details":"Updated openafs packages fix security vulnerabilities:\n\nWhen constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx\nimplementations do not initialize three octets of data that are padding\nin the C language structure and were inadvertently included in the wire\nprotocol (CVE-2015-7762).\n\nAdditionally, OpenAFS Rx before version 1.6.14 includes a variable-length\npadding at the end of the ACK packet, in an attempt to detect the path MTU,\nbut only four octets of the additional padding are initialized\n(CVE-2015-7763).\n","modified":"2026-02-01T20:48:35.994837Z","published":"2015-11-02T20:21:29Z","related":["CVE-2015-7762","CVE-2015-7763"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0424.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17050"},{"type":"REPORT","url":"http://openafs.org/pages/security/OPENAFS-SA-2015-007.txt"},{"type":"REPORT","url":"http://openafs.org/dl/openafs/1.6.14/RELNOTES-1.6.14"},{"type":"REPORT","url":"http://openafs.org/dl/openafs/1.6.14.1/RELNOTES-1.6.14.1"},{"type":"REPORT","url":"http://openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"},{"type":"REPORT","url":"https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"}],"affected":[{"package":{"name":"openafs","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openafs?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.15-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0424.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}