CVE-2018-16948 (GCVE-0-2018-16948)
Vulnerability from cvelistv5 – Published: 2018-09-12 01:00 – Updated: 2024-08-05 10:39
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.
Severity
No CVSS data available.
CWE
- n/a
References
3 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2018… | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2018/dsa-4302 | vendor-advisory, x_refsource_DEBIAN |
| http://openafs.org/pages/security/OPENAFS-SA-2018… | x_refsource_CONFIRM |
Date Public
2018-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:57.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"name": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt",
"refsource": "CONFIRM",
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16948",
"datePublished": "2018-09-12T01:00:00.000Z",
"dateReserved": "2018-09-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:39:57.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-16948",
"date": "2026-05-28",
"epss": "0.00357",
"percentile": "0.58137"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.6.23\", \"matchCriteriaId\": \"BA89B3F9-E528-4454-AC07-C4CC229CE95C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.8.0\", \"versionEndExcluding\": \"1.8.2\", \"matchCriteriaId\": \"E83EF0AF-3D2F-46F7-BB02-E3B3841A1487\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en OpenAFS, en versiones anteriores a la 1.6.23 y versiones 1.8.x anteriores a la 1.8.2. Varias rutinas del servidor RPC no inicializaron completamente sus variables de salida antes de volver, filtrando el contenido de la memoria tanto de la pila como la memoria din\\u00e1mica (heap). Debido a que el gestor de cach\\u00e9 de OpenAFS funciona como servidor Rx para el servicio AFSCB, los clientes tambi\\u00e9n son susceptibles de sufrir una fuga de informaci\\u00f3n. Por ejemplo, RXAFSCB_TellMeAboutYourself filtra memoria del kernel y KAM_ListEntry filtra memoria de kaserver.\"}]",
"id": "CVE-2018-16948",
"lastModified": "2024-11-21T03:53:34.010",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-09-12T01:29:00.517",
"references": "[{\"url\": \"http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4302\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4302\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
}
}
}
CNVD-2019-43380
Vulnerability from cnvd - Published: 2019-12-02
Title
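Unspecified vulnerability in OpenAFS (CNVD-2019-43380)
Description
OpenAFS is a distributed file system that allows systems to share files and resources over local and wide area networks.
A security vulnerability exists in OpenAFS versions before 1.6.23 and 1.8.x versions before 1.8.2. The vulnerability stems from RPC server routines not sufficiently initializing their output variables before returning them. An attacker can exploit this vulnerability to leak stack and heap memory contents.
Severity
Medium
Patch Name
Patch for the unspecified vulnerability in OpenAFS (CNVD-2019-43380)
Patch Description
OpenAFS is a distributed file system that allows systems to share files and resources over local and wide area networks.
A security vulnerability exists in OpenAFS versions before 1.6.23 and 1.8.x versions before 1.8.2. The vulnerability stems from RPC server routines not sufficiently initializing their output variables before returning them. An attacker can exploit this vulnerability to leak stack and heap memory contents. The vendor has since released a security advisory and related patch information that fix this vulnerability.
Formal description
The vendor has released a fix for this vulnerability; please watch for updates: http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt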
Reference
http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
Impacted products
| Name |
|---|
| OpenAFS OpenAFS 1.8*,<1.8.2 |
| OpenAFS OpenAFS <1.6.23 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-16948"
}
},
"description": "OpenAFS\u662f\u4e00\u5957\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\uff0c\u5b83\u5141\u8bb8\u7cfb\u7edf\u4e4b\u95f4\u901a\u8fc7\u5c40\u57df\u7f51\u548c\u5e7f\u57df\u7f51\u6765\u5206\u4eab\u6863\u6848\u548c\u8d44\u6e90\u3002\n\nOpenAFS 1.6.23\u4e4b\u524d\u7248\u672c\u548c1.8.2\u4e4b\u524d\u76841.8.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u8fd4\u56de\u8f93\u51fa\u53d8\u91cf\u4e4b\u524d\uff0cRPC\u670d\u52a1\u5668\u4f8b\u884c\u8fdb\u7a0b\u6ca1\u6709\u5145\u5206\u5730\u5bf9\u5176\u8fdb\u884c\u521d\u59cb\u5316\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u6808\u5806\u7684\u5185\u5b58\u5185\u5bb9\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://openafs.org/pages/security/OPENAFS-SA-2018-002.txt",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-43380",
"openTime": "2019-12-02",
"patchDescription": "OpenAFS\u662f\u4e00\u5957\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\uff0c\u5b83\u5141\u8bb8\u7cfb\u7edf\u4e4b\u95f4\u901a\u8fc7\u5c40\u57df\u7f51\u548c\u5e7f\u57df\u7f51\u6765\u5206\u4eab\u6863\u6848\u548c\u8d44\u6e90\u3002\r\n\r\nOpenAFS 1.6.23\u4e4b\u524d\u7248\u672c\u548c1.8.2\u4e4b\u524d\u76841.8.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u8fd4\u56de\u8f93\u51fa\u53d8\u91cf\u4e4b\u524d\uff0cRPC\u670d\u52a1\u5668\u4f8b\u884c\u8fdb\u7a0b\u6ca1\u6709\u5145\u5206\u5730\u5bf9\u5176\u8fdb\u884c\u521d\u59cb\u5316\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u6808\u5806\u7684\u5185\u5b58\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "OpenAFS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-43380\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"OpenAFS OpenAFS 1.8*\uff0c\u003c1.8.2",
"OpenAFS OpenAFS \u003c1.6.23"
]
},
"referenceLink": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt",
"serverity": "\u4e2d",
"submitTime": "2018-09-16",
"title": "OpenAFS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-43380\uff09"
}
FKIE_CVE-2018-16948
Vulnerability from fkie_nvd - Published: 2018-09-12 01:29 - Updated: 2024-11-21 03:53
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt | Vendor Advisory |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html | Third Party Advisory |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4302 | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4302 | Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| openafs | openafs | * |
| openafs | openafs | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA89B3F9-E528-4454-AC07-C4CC229CE95C",
"versionEndExcluding": "1.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E83EF0AF-3D2F-46F7-BB02-E3B3841A1487",
"versionEndExcluding": "1.8.2",
"versionStartIncluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en OpenAFS, en versiones anteriores a la 1.6.23 y versiones 1.8.x anteriores a la 1.8.2. Varias rutinas del servidor RPC no inicializaron completamente sus variables de salida antes de volver, filtrando el contenido de la memoria tanto de la pila como la memoria din\u00e1mica (heap). Debido a que el gestor de cach\u00e9 de OpenAFS funciona como servidor Rx para el servicio AFSCB, los clientes tambi\u00e9n son susceptibles de sufrir una fuga de informaci\u00f3n. Por ejemplo, RXAFSCB_TellMeAboutYourself filtra memoria del kernel y KAM_ListEntry filtra memoria de kaserver."
}
],
"id": "CVE-2018-16948",
"lastModified": "2024-11-21T03:53:34.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-12T01:29:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-Q586-R5VX-JGJF
Vulnerability from github – Published: 2022-05-14 01:58 – Updated: 2022-05-14 01:58
Details
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2018-16948"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-12T01:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.",
"id": "GHSA-q586-r5vx-jgjf",
"modified": "2022-05-14T01:58:19Z",
"published": "2022-05-14T01:58:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16948"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"type": "WEB",
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2018-16948
Vulnerability from gsd - Updated: 2023-12-13 01:22
Details
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.
Aliases
{
"GSD": {
"alias": "CVE-2018-16948",
"description": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.",
"id": "GSD-2018-16948",
"references": [
"https://www.suse.com/security/cve/CVE-2018-16948.html",
"https://www.debian.org/security/2018/dsa-4302",
"https://advisories.mageia.org/CVE-2018-16948.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-16948"
],
"details": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.",
"id": "GSD-2018-16948",
"modified": "2023-12-13T01:22:25.951336Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"name": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt",
"refsource": "CONFIRM",
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.2",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.6.23",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16948"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-11-19T14:47Z",
"publishedDate": "2018-09-12T01:29Z"
}
}
}
OPENSUSE-SU-2024:11113-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
openafs-1.8.8-1.13 on GA media
Severity
Moderate
Notes
Title of the patch: openafs-1.8.8-1.13 on GA media
Description of the patch: These are all security issues fixed in the openafs-1.8.8-1.13 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11113
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "openafs-1.8.8-1.13 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the openafs-1.8.8-1.13 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11113",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11113-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16947 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16948 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16949 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16949/"
}
],
"title": "openafs-1.8.8-1.13 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11113-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openafs-1.8.8-1.13.aarch64",
"product": {
"name": "openafs-1.8.8-1.13.aarch64",
"product_id": "openafs-1.8.8-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "openafs-authlibs-1.8.8-1.13.aarch64",
"product": {
"name": "openafs-authlibs-1.8.8-1.13.aarch64",
"product_id": "openafs-authlibs-1.8.8-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "openafs-authlibs-devel-1.8.8-1.13.aarch64",
"product": {
"name": "openafs-authlibs-devel-1.8.8-1.13.aarch64",
"product_id": "openafs-authlibs-devel-1.8.8-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "openafs-client-1.8.8-1.13.aarch64",
"product": {
"name": "openafs-client-1.8.8-1.13.aarch64",
"product_id": "openafs-client-1.8.8-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "openafs-devel-1.8.8-1.13.aarch64",
"product": {
"name": "openafs-devel-1.8.8-1.13.aarch64",
"product_id": "openafs-devel-1.8.8-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "openafs-fuse_client-1.8.8-1.13.aarch64",
"product": {
"name": "openafs-fuse_client-1.8.8-1.13.aarch64",
"product_id": "openafs-fuse_client-1.8.8-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "openafs-kernel-source-1.8.8-1.13.aarch64",
"product": {
"name": "openafs-kernel-source-1.8.8-1.13.aarch64",
"product_id": "openafs-kernel-source-1.8.8-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"product": {
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"product_id": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "openafs-server-1.8.8-1.13.aarch64",
"product": {
"name": "openafs-server-1.8.8-1.13.aarch64",
"product_id": "openafs-server-1.8.8-1.13.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openafs-1.8.8-1.13.ppc64le",
"product": {
"name": "openafs-1.8.8-1.13.ppc64le",
"product_id": "openafs-1.8.8-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "openafs-authlibs-1.8.8-1.13.ppc64le",
"product": {
"name": "openafs-authlibs-1.8.8-1.13.ppc64le",
"product_id": "openafs-authlibs-1.8.8-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"product": {
"name": "openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"product_id": "openafs-authlibs-devel-1.8.8-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "openafs-client-1.8.8-1.13.ppc64le",
"product": {
"name": "openafs-client-1.8.8-1.13.ppc64le",
"product_id": "openafs-client-1.8.8-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "openafs-devel-1.8.8-1.13.ppc64le",
"product": {
"name": "openafs-devel-1.8.8-1.13.ppc64le",
"product_id": "openafs-devel-1.8.8-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "openafs-fuse_client-1.8.8-1.13.ppc64le",
"product": {
"name": "openafs-fuse_client-1.8.8-1.13.ppc64le",
"product_id": "openafs-fuse_client-1.8.8-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "openafs-kernel-source-1.8.8-1.13.ppc64le",
"product": {
"name": "openafs-kernel-source-1.8.8-1.13.ppc64le",
"product_id": "openafs-kernel-source-1.8.8-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"product": {
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"product_id": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "openafs-server-1.8.8-1.13.ppc64le",
"product": {
"name": "openafs-server-1.8.8-1.13.ppc64le",
"product_id": "openafs-server-1.8.8-1.13.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openafs-1.8.8-1.13.s390x",
"product": {
"name": "openafs-1.8.8-1.13.s390x",
"product_id": "openafs-1.8.8-1.13.s390x"
}
},
{
"category": "product_version",
"name": "openafs-authlibs-1.8.8-1.13.s390x",
"product": {
"name": "openafs-authlibs-1.8.8-1.13.s390x",
"product_id": "openafs-authlibs-1.8.8-1.13.s390x"
}
},
{
"category": "product_version",
"name": "openafs-authlibs-devel-1.8.8-1.13.s390x",
"product": {
"name": "openafs-authlibs-devel-1.8.8-1.13.s390x",
"product_id": "openafs-authlibs-devel-1.8.8-1.13.s390x"
}
},
{
"category": "product_version",
"name": "openafs-client-1.8.8-1.13.s390x",
"product": {
"name": "openafs-client-1.8.8-1.13.s390x",
"product_id": "openafs-client-1.8.8-1.13.s390x"
}
},
{
"category": "product_version",
"name": "openafs-devel-1.8.8-1.13.s390x",
"product": {
"name": "openafs-devel-1.8.8-1.13.s390x",
"product_id": "openafs-devel-1.8.8-1.13.s390x"
}
},
{
"category": "product_version",
"name": "openafs-fuse_client-1.8.8-1.13.s390x",
"product": {
"name": "openafs-fuse_client-1.8.8-1.13.s390x",
"product_id": "openafs-fuse_client-1.8.8-1.13.s390x"
}
},
{
"category": "product_version",
"name": "openafs-kernel-source-1.8.8-1.13.s390x",
"product": {
"name": "openafs-kernel-source-1.8.8-1.13.s390x",
"product_id": "openafs-kernel-source-1.8.8-1.13.s390x"
}
},
{
"category": "product_version",
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"product": {
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"product_id": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x"
}
},
{
"category": "product_version",
"name": "openafs-server-1.8.8-1.13.s390x",
"product": {
"name": "openafs-server-1.8.8-1.13.s390x",
"product_id": "openafs-server-1.8.8-1.13.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openafs-1.8.8-1.13.x86_64",
"product": {
"name": "openafs-1.8.8-1.13.x86_64",
"product_id": "openafs-1.8.8-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "openafs-authlibs-1.8.8-1.13.x86_64",
"product": {
"name": "openafs-authlibs-1.8.8-1.13.x86_64",
"product_id": "openafs-authlibs-1.8.8-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "openafs-authlibs-devel-1.8.8-1.13.x86_64",
"product": {
"name": "openafs-authlibs-devel-1.8.8-1.13.x86_64",
"product_id": "openafs-authlibs-devel-1.8.8-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "openafs-client-1.8.8-1.13.x86_64",
"product": {
"name": "openafs-client-1.8.8-1.13.x86_64",
"product_id": "openafs-client-1.8.8-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "openafs-devel-1.8.8-1.13.x86_64",
"product": {
"name": "openafs-devel-1.8.8-1.13.x86_64",
"product_id": "openafs-devel-1.8.8-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "openafs-fuse_client-1.8.8-1.13.x86_64",
"product": {
"name": "openafs-fuse_client-1.8.8-1.13.x86_64",
"product_id": "openafs-fuse_client-1.8.8-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "openafs-kernel-source-1.8.8-1.13.x86_64",
"product": {
"name": "openafs-kernel-source-1.8.8-1.13.x86_64",
"product_id": "openafs-kernel-source-1.8.8-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"product": {
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"product_id": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "openafs-server-1.8.8-1.13.x86_64",
"product": {
"name": "openafs-server-1.8.8-1.13.x86_64",
"product_id": "openafs-server-1.8.8-1.13.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-1.8.8-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64"
},
"product_reference": "openafs-1.8.8-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-1.8.8-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le"
},
"product_reference": "openafs-1.8.8-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-1.8.8-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x"
},
"product_reference": "openafs-1.8.8-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-1.8.8-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64"
},
"product_reference": "openafs-1.8.8-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-authlibs-1.8.8-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64"
},
"product_reference": "openafs-authlibs-1.8.8-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-authlibs-1.8.8-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le"
},
"product_reference": "openafs-authlibs-1.8.8-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-authlibs-1.8.8-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x"
},
"product_reference": "openafs-authlibs-1.8.8-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-authlibs-1.8.8-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64"
},
"product_reference": "openafs-authlibs-1.8.8-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-authlibs-devel-1.8.8-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64"
},
"product_reference": "openafs-authlibs-devel-1.8.8-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-authlibs-devel-1.8.8-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le"
},
"product_reference": "openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-authlibs-devel-1.8.8-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x"
},
"product_reference": "openafs-authlibs-devel-1.8.8-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-authlibs-devel-1.8.8-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64"
},
"product_reference": "openafs-authlibs-devel-1.8.8-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-client-1.8.8-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64"
},
"product_reference": "openafs-client-1.8.8-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-client-1.8.8-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le"
},
"product_reference": "openafs-client-1.8.8-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-client-1.8.8-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x"
},
"product_reference": "openafs-client-1.8.8-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-client-1.8.8-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64"
},
"product_reference": "openafs-client-1.8.8-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-devel-1.8.8-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64"
},
"product_reference": "openafs-devel-1.8.8-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-devel-1.8.8-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le"
},
"product_reference": "openafs-devel-1.8.8-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-devel-1.8.8-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x"
},
"product_reference": "openafs-devel-1.8.8-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-devel-1.8.8-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64"
},
"product_reference": "openafs-devel-1.8.8-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-fuse_client-1.8.8-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64"
},
"product_reference": "openafs-fuse_client-1.8.8-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-fuse_client-1.8.8-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le"
},
"product_reference": "openafs-fuse_client-1.8.8-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-fuse_client-1.8.8-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x"
},
"product_reference": "openafs-fuse_client-1.8.8-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-fuse_client-1.8.8-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64"
},
"product_reference": "openafs-fuse_client-1.8.8-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-kernel-source-1.8.8-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64"
},
"product_reference": "openafs-kernel-source-1.8.8-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-kernel-source-1.8.8-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le"
},
"product_reference": "openafs-kernel-source-1.8.8-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-kernel-source-1.8.8-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x"
},
"product_reference": "openafs-kernel-source-1.8.8-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-kernel-source-1.8.8-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64"
},
"product_reference": "openafs-kernel-source-1.8.8-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64"
},
"product_reference": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le"
},
"product_reference": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x"
},
"product_reference": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64"
},
"product_reference": "openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-server-1.8.8-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64"
},
"product_reference": "openafs-server-1.8.8-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-server-1.8.8-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le"
},
"product_reference": "openafs-server-1.8.8-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-server-1.8.8-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x"
},
"product_reference": "openafs-server-1.8.8-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openafs-server-1.8.8-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
},
"product_reference": "openafs-server-1.8.8-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume\u0027s content with arbitrary data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16947",
"url": "https://www.suse.com/security/cve/CVE-2018-16947"
},
{
"category": "external",
"summary": "SUSE Bug 1108153 for CVE-2018-16947",
"url": "https://bugzilla.suse.com/1108153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16947"
},
{
"cve": "CVE-2018-16948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16948"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16948",
"url": "https://www.suse.com/security/cve/CVE-2018-16948"
},
{
"category": "external",
"summary": "SUSE Bug 1108154 for CVE-2018-16948",
"url": "https://bugzilla.suse.com/1108154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16948"
},
{
"cve": "CVE-2018-16949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16949"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16949",
"url": "https://www.suse.com/security/cve/CVE-2018-16949"
},
{
"category": "external",
"summary": "SUSE Bug 1108155 for CVE-2018-16949",
"url": "https://bugzilla.suse.com/1108155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openafs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-devel-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13.x86_64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.aarch64",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.s390x",
"openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13.x86_64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.aarch64",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.ppc64le",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.s390x",
"openSUSE Tumbleweed:openafs-server-1.8.8-1.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16949"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.