Synopsis: Critical: OpenAFS security update Advisory ID: OPENAFS-SA-2016-001/2 Issue Date: 2016-03-17 CVE Numbers: CVE-2016-2860 -- This release fixes the vulnerabilities tracked as OPENAFS-SA-2016-001 and OPENAFS-SA-2016-002. OPENAFS-SA-2016-001 (CVE-2016-2860): Users from foreign Kerberos realms can create groups as if they were administrators OPENAFS-SA-2016-002: Information leakage over the network due to uninitialized memory For more details please see http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt -- SL5 x86_64 kernel-module-openafs-2.6.18-406.el5-1.4.15-89.sl5.x86_64.rpm kernel-module-openafs-2.6.18-406.el5xen-1.4.15-89.sl5.x86_64.rpm openafs-1.4.15-89.sl5.x86_64.rpm openafs-authlibs-1.4.15-89.sl5.x86_64.rpm openafs-authlibs-devel-1.4.15-89.sl5.x86_64.rpm openafs-client-1.4.15-89.sl5.x86_64.rpm openafs-compat-1.4.15-89.sl5.x86_64.rpm openafs-debug-1.4.15-89.sl5.x86_64.rpm openafs-devel-1.4.15-89.sl5.x86_64.rpm openafs-kernel-source-1.4.15-89.sl5.x86_64.rpm openafs-kpasswd-1.4.15-89.sl5.x86_64.rpm openafs-krb5-1.4.15-89.sl5.x86_64.rpm openafs-server-1.4.15-89.sl5.x86_64.rpm i386 kernel-module-openafs-2.6.18-406.el5-1.4.15-89.sl5.i686.rpm kernel-module-openafs-2.6.18-406.el5PAE-1.4.15-89.sl5.i686.rpm kernel-module-openafs-2.6.18-406.el5xen-1.4.15-89.sl5.i686.rpm openafs-1.4.15-89.sl5.i386.rpm openafs-authlibs-1.4.15-89.sl5.i386.rpm openafs-authlibs-devel-1.4.15-89.sl5.i386.rpm openafs-client-1.4.15-89.sl5.i386.rpm openafs-compat-1.4.15-89.sl5.i386.rpm openafs-debug-1.4.15-89.sl5.i386.rpm openafs-devel-1.4.15-89.sl5.i386.rpm openafs-kernel-source-1.4.15-89.sl5.i386.rpm openafs-kpasswd-1.4.15-89.sl5.i386.rpm openafs-krb5-1.4.15-89.sl5.i386.rpm openafs-server-1.4.15-89.sl5.i386.rpm SL6 x86_64 kmod-openafs-573-1.6.17-234.sl6.573.12.1.x86_64.rpm openafs-1.6.17-234.sl6.x86_64.rpm openafs-authlibs-1.6.17-234.sl6.x86_64.rpm openafs-authlibs-devel-1.6.17-234.sl6.x86_64.rpm openafs-client-1.6.17-234.sl6.x86_64.rpm openafs-compat-1.6.17-234.sl6.x86_64.rpm openafs-devel-1.6.17-234.sl6.x86_64.rpm openafs-kernel-source-1.6.17-234.sl6.x86_64.rpm openafs-kpasswd-1.6.17-234.sl6.x86_64.rpm openafs-krb5-1.6.17-234.sl6.x86_64.rpm openafs-module-tools-1.6.17-234.sl6.x86_64.rpm openafs-plumbing-tools-1.6.17-234.sl6.x86_64.rpm openafs-server-1.6.17-234.sl6.x86_64.rpm i386 kmod-openafs-573-1.6.17-234.sl6.573.12.1.i686.rpm openafs-1.6.17-234.sl6.i686.rpm openafs-authlibs-1.6.17-234.sl6.i686.rpm openafs-authlibs-devel-1.6.17-234.sl6.i686.rpm openafs-client-1.6.17-234.sl6.i686.rpm openafs-compat-1.6.17-234.sl6.i686.rpm openafs-devel-1.6.17-234.sl6.i686.rpm openafs-kernel-source-1.6.17-234.sl6.i686.rpm openafs-kpasswd-1.6.17-234.sl6.i686.rpm openafs-krb5-1.6.17-234.sl6.i686.rpm openafs-module-tools-1.6.17-234.sl6.i686.rpm openafs-plumbing-tools-1.6.17-234.sl6.i686.rpm openafs-server-1.6.17-234.sl6.i686.rpm SL7 x86_64 kmod-openafs-1.6-sl-327-1.6.17-234.sl7.327.10.1.x86_64.rpm openafs-1.6-sl-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-authlibs-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-authlibs-devel-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-client-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-compat-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-devel-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-kernel-source-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-kpasswd-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-krb5-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-module-tools-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-plumbing-tools-1.6.17-234.sl7.x86_64.rpm openafs-1.6-sl-server-1.6.17-234.sl7.x86_64.rpm