Bugzilla – Bug 1155395
VUL-0: CVE-2019-18602: openafs: information disclosure via uninitialized scalars are sent over the network
Last modified: 2019-12-09 07:43:33 UTC
CVE-2019-18602 OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18602 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18602.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18602 https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt
Same comment as in #1155396 The upstream security-fixed version is already accepted in openSUSE:Factory. Somehow I can't figure out how to get that into LEAP 15.1 Normal submission tells me to use the maintenance workflow and this one says: hanke@dijon:/srv/OBS/home:hauky:branches:OBS_Maintained:openafs/openafs.openSUSE_Leap_15.1_Update> osc maintenancerequest --incident=1155396 openSUSE:Factory openafs openSUSE:Leap:15.1:Update Using target project 'openSUSE:Maintenance:1155396' Server returned an error: HTTP Error 404: Not Found openSUSE:Maintenance:1155396 So, what to do ?
Maitenance request to upgrade to openafs-1.8.5 for Leap 15.1 accepted https://build.opensuse.org/request/show/748510