Hi All, the OpenAFS folks issued two security advisories: http://www.openafs.org/pages/security/OPENAFS-SA-2009-001.txt http://www.openafs.org/pages/security/OPENAFS-SA-2009-002.txt Exploiting these issues is probably very difficult, but the impact especially of the first one could be really serious. The patches provided apply reasonably cleanly to our current build for SL5 (1.4.7-68.1, which is a minute update to the current one on SL4, 1.4.7-68), and from reading the source and the patches, it should be ok to just use them like this. I put up an SRPM with these patches here: http://www-zeuthen.desy.de/~wiesand/SL5/openafs.SLx-1.4.7-68.2.src.rpm I could not yet test the resulting RPMs yet, and won't be able to do so before tomorrow during the day (GMT+2), but wanted to provide this asap in case someone else can. Once tested, this should probably become a "critical" security update for SL4 and SL5. The patches do not apply to the 1.2.13 source (for SL3). It seems quite feasible to apply the required changes (I wouldn't even call it "backporting"), but that will take some time and testing the SL5 and SL4 builds is much higher on my priority list. As a stopgap measure, the 1.4.7-68.2 SRPM will build and should work on SL3 as well. Cheers, Stephan -- Stephan Wiesand DESY - DV - Platanenallee 6 15738 Zeuthen, Germany