A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service by simultaneously acquiring and giving back file callbacks . The updated packages have been patched to prevent this issue.