User-Visible OpenAFS Changes OpenAFS 1.6.13 All server platforms * Fix for CVE-2015-3282: vos leaks stack data onto the wire in the clear when creating vldb entries * Workaround for CVE-2015-3283: bos commands can be spoofed, including some which alter server state * Disabled searching the VLDB by volume name regular expression to avoid possible buffer overruns in the volume location server All client platforms * Fix for CVE-2015-3284: pioctls leak kernel memory * Fix for CVE-2015-3285: kernel pioctl support for OSD command passing can trigger a panic Solaris clients * Fix for CVE-2015-3286: Solaris grouplist modifications for PAGs can panic or overwrite memory