Multiple vulnerabilities has been found and corrected in openafs:

Buffer overflow in certain client utilities in OpenAFS before 1.6.2
allows remote authenticated users to cause a denial of service (crash)
and possibly execute arbitrary code via a long fileserver ACL entry
(CVE-2013-1794).

Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote
attackers to cause a denial of service (crash) via a large list
from the IdToName RPC, which triggers a heap-based buffer overflow
(CVE-2013-1795).

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26
uses weak encryption (DES) for Kerberos keys, which makes it easier
for remote attackers to obtain the service key (CVE-2013-4134).

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt
option, only enables integrity protection and sends data in cleartext,
which allows remote attackers to obtain sensitive information by
sniffing the network (CVE-2013-4135).

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in
OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial
of service (crash) via a crafted statsVersion argument (CVE-2014-0159).

A denial of service flaw was found in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by
an application using libxml2, would lead to excessive CPU consumption
(denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default behavior
(CVE-2014-3660).

The updated packages have been upgraded to the 1.4.15 version and
patched to correct these issues.

Updated mutt packages fix security vulnerability:

A flaw was discovered in mutt. A specially crafted mail header
could cause mutt to crash, leading to a denial of service condition
(CVE-2014-9116).

The mutt package has been updated to version 1.5.23 and patched to
fix this issue.

Updated flac packages fix security vulnerabilities:

In libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap
overflow (CVE-2014-9028), which may result in arbitrary code execution,
can be triggered by passing a maliciously crafted .flac file to the
libFLAC decoder.

Updated tcpdump package fixes security vulnerabilities:

The Tcpdump program could crash when processing a malformed OLSR
payload when the verbose output flag was set (CVE-2014-8767).

The application decoder for the Ad hoc On-Demand Distance Vector (AODV)
protocol in Tcpdump fails to perform input validation and performs
unsafe out-of-bound accesses. The application will usually not crash,
but perform out-of-bounds accesses and output/leak larger amounts of
invalid data, which might lead to dropped packets. It is unknown if
a payload exists that might trigger segfaults (CVE-2014-8769).

It was discovered that tcpdump incorrectly handled printing PPP
packets. A remote attacker could use this issue to cause tcpdump to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2014-9140).

Updated mediawiki packages fix security vulnerabilies:

In MediaWiki before 1.23.7, a missing CSRF check could allow reflected
XSS on wikis that allow raw HTML (CVE-2014-9276).

MediaWiki’s mangling, in MediaWiki before 1.23.7, could
allow an article editor to inject code into API consumers that
blindly unserialize PHP representations of the page from the API
(CVE-2014-9277).

This update provides MediaWiki 1.23.7, which fixes these security
issues and other bugs.

Updated bind packages fix security vulnerability:

By making use of maliciously-constructed zones or a rogue server,
an attacker can exploit an oversight in the code BIND 9 uses to
follow delegations in the Domain Name Service, causing BIND to issue
unlimited queries in an attempt to follow the delegation. This can
lead to resource exhaustion and denial of service (up to and including
termination of the named server process) (CVE-2014-8500).

This is a maintenance and bugfix release that upgrades the timezone
data packages to the 2014j version.

Updated libksba packages fix security vulnerability:

By using special crafted S/MIME messages or ECC based OpenPGP data,
it is possible to create a buffer overflow, which could lead to a
denial of service (CVE-2014-9087).

Updated perl-Plack package fixes security vulnerability:

Plack::App::File would previously strip trailing slashes off provided
paths. This in combination with the common pattern of serving files
with Plack::Middleware::Static could allow an attacker to bypass a
whitelist of generated files (CVE-2014-5269).

Updated file packages fix security vulnerability:

An out-of-bounds read flaw was found in file’s donote() function in the
way the file utility determined the note headers of a elf file. This
could possibly lead to file executable crash (CVE-2014-3710).