40 lines
1.5 KiB
Plaintext
40 lines
1.5 KiB
Plaintext
Red Hat Reseller News Flash
|
|
|
|
Date: Mon, 28 Sep 1998 09:30:03 -0700 (PDT)
|
|
|
|
It has recently come to the attention of Red Hat Software that there
|
|
are significant security holes in CDE. All users are affected, both those
|
|
who purchased CDE Client and those who purchased CDE Developer that runs on
|
|
Red Hat Linux 4.0 up to 5.1.
|
|
|
|
Description of the problem: Several exploits have been found that allow
|
|
any user on your network to gain full access to your CDE session. There
|
|
are also bugs that allow local users to that machine to gain root access.
|
|
This allows anyone that accesses your machine to change files, delete
|
|
files, and commit other malicious actions. Because CDE is not Open
|
|
Source software, we have no ability to fix either the minor bugs that have
|
|
been reported over the last year, or these more important security bugs.
|
|
|
|
Red Hat Software will no longer distribute CDE effective immediately, but
|
|
will continue to support the copies of CDE that have been purchased
|
|
up to this point.
|
|
|
|
If you currently have stock of CDE, please return it to your distributor, or
|
|
to Red Hat if you purchased directly from us.
|
|
|
|
If your customers wish to return CDE, please tell them to send their CDE
|
|
CD-ROM to:
|
|
CDE Returns
|
|
Red Hat Software
|
|
P.O. Box 13588 (for U.S. mail returns)
|
|
79 T.W. Alexander Dr.
|
|
Bldg 4201, Suite 100
|
|
Research Triangle Park, NC 27709
|
|
|
|
Red Hat will provide consumers with a $50 credit towards future purchases upon
|
|
receipt of the CD-ROM.
|
|
|
|
If you have any questions, please contact Chris Gillespie, chris@redhat.com or
|
|
Terry Tomlinson, terry@redhat.com
|
|
|