File RELNOTES-1.8.2 of Package openafs

                       User-Visible OpenAFS Changes

OpenAFS 1.8.2

  All platforms

    * Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
      Various RPC routines did not always initialize all output fields,
      exposing memory contents to network attackers.  The relevant RPCs include
      an AFSCB_ RPC, so cache managers are affected as well as servers.

  All server platforms

    * Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption
      Various RPCs were defined as allowing unbounded arrays as input, allowing
      an unauthenticated attacker to cause excess memory allocation and tie up
      network bandwidth by sending (or claiming to send) large input arrays.

    * Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
      On systems using the in-tree backup system, the butc process was running
      with administrative credentials, but accepted incoming RPCs over
      unauthenticated connections; these incoming RPCs in turn triggered
      outgoing RPCs using the administrative credentials.  Unauthenticated
      attackers could construct volue dumps containing arbitrary contents
      and cause these dumps to be restored and overwrite arbitrary volume
      contents; afterward, the backup database could be restored to its
      initial state, hiding evidence of the unauthorized changes.

      Running butc with -localauth now requires authenticated incoming
      connections, and the backup utility makes authenticated connections to
      the butc.  Audit capabilities have been added to the butc RPC handlers.
      Command-line arguments are provided to retain the (insecure) historical
      behavior until all systems have been upgraded.