Hi Pat The openafs mailling list says the openafs release fixing those CVE's is v 1.6.15. The packages listed in the errata state 1.6.14. SL6/7 Do the SL packages not track the openafs release numbers ? Thanks Sean