A race condition in the OpenAFS fileserver allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. For the old stable distribution (sarge), this problem has been fixed in version 1.3.81-3sarge3. For the stable distribution (etch), this problem has been fixed in version 1.4.2-6etch1. We recommend that you upgrade your openafs packages.
MD5 checksums of the listed files are available in the original advisory.