CVE-2024-10397

NameCVE-2024-10397
DescriptionA malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5842-1
Debian Bugs1087406, 1087407

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openafs (PTS)bullseye1.8.6-5vulnerable
bookworm1.8.9-1vulnerable
bookworm (security)1.8.9-1+deb12u1fixed
sid1.8.13-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openafssourcebookworm1.8.9-1+deb12u1DSA-5842-1
openafssource(unstable)1.8.13-11087406, 1087407

Notes

http://openafs.org/pages/security/OPENAFS-SA-2024-003.txt
https://lists.openafs.org/pipermail/openafs-devel/2024-November/020961.html
https://www.openafs.org/pages/security/openafs-sa-2024-003-stable16.patch (openafs-stable-1_6_25)
https://www.openafs.org/pages/security/openafs-sa-2024-003-stable18.patch (openafs-stable-1_8_13)
http://git.openafs.org/?p=openafs.git;a=commit;h=40440c3eb628ff1772588bdc99d7496292097bbd (openafs-stable-1_8_13)
http://git.openafs.org/?p=openafs.git;a=commit;h=c18640c6b98b10cd6f78c63195ff822689cb5348 (openafs-stable-1_8_13)
http://git.openafs.org/?p=openafs.git;a=commit;h=d253a52d3b59bd691eae8863ea2f06d99ad18550 (openafs-stable-1_8_13)
http://git.openafs.org/?p=openafs.git;a=commit;h=0ff2cd9e0f5656e8327c5fe47935998de3669678 (openafs-stable-1_8_13)
http://git.openafs.org/?p=openafs.git;a=commit;h=a82212ab20f0635a40c52648a52a1e9eaccc4937 (openafs-stable-1_8_13)
http://git.openafs.org/?p=openafs.git;a=commit;h=25ad3931d5c03ead625a96e6b626febeb3e20453 (openafs-stable-1_8_13)
http://git.openafs.org/?p=openafs.git;a=commit;h=4871f8ad2775e97bb85ff7efc33a4ad8d3f6d9d1 (openafs-stable-1_8_13)
http://git.openafs.org/?p=openafs.git;a=commit;h=37e585f0841803cdf3a1f99770034890ba162d7c (openafs-stable-1_8_13)
Search for package or bug name: Reporting problems