The cache manager of OpenAFS contains several bugs resulting in remote execution of arbitrary code.
|Package||net-fs/openafs on all architectures|
|Affected versions||< 1.4.9|
|Unaffected versions||>= 1.4.9|
OpenAFS is a distributed file system.
Two vulnerabilities were discovered:
The vulnerabilities might allow remote unauthenticated attackers to cause a Denial of Service (system crash) and possibly execute arbitrary code.
There is no known workaround at this time.
All OpenAFS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.9"
January 16, 2011
January 16, 2011: 01