[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[no subject]



>From redhat-watch-list-request redhat com  Fri Sep 25 16: 13:16 1998
Return-Path: <redhat-watch-list-request redhat com>
Received: from localhost (djb localhost [127.0.0.1])
	by chef.redhat.com (8.8.7/8.8.7) with ESMTP id QAA01318
	for <djb localhost>; Fri, 25 Sep 1998 16:13:16 -0400
Received: from lacrosse.redhat.com
	by fetchmail-4.5.8 POP3
	for <djb/localhost> (single-drop); Fri, 25 Sep 1998 16:13:16 EDT
Received: from mail.redhat.com (mail.redhat.com [199.183.24.239])
	by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id QAA26737
	for <djb lacrosse redhat com>; Fri, 25 Sep 1998 16:12:20 -0400
Received: from mail2.redhat.com (mail2.redhat.com [199.183.24.247])
	by mail.redhat.com (8.8.7/8.8.7) with SMTP id QAA03759
	for <djb redhat com>; Fri, 25 Sep 1998 16:12:52 -0400
Received: (qmail 21362 invoked by uid 501); 25 Sep 1998 20:12:56 -0000
Received: (qmail 21348 invoked from network); 25 Sep 1998 20:12:55 -0000
Received: from lacrosse.redhat.com (root 207 175 42 154)
  by mail2.redhat.com with SMTP; 25 Sep 1998 20:12:55 -0000
Received: from flounder.redhat.com (root flounder redhat com [207.175.43.23])
	by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id QAA26733
	for <redhat-watch-list redhat com>; Fri, 25 Sep 1998 16:12:19 -0400
Received: from flounder.redhat.com (hilary localhost [127.0.0.1])
	by flounder.redhat.com (8.8.7/8.8.7) with ESMTP id QAA05660
	for <redhat-watch-list redhat com>; Fri, 25 Sep 1998 16:12:17 -0400
Message-Id: <199809252012 QAA05660 flounder redhat com>
X-Mailer: exmh version 2.0.2
To: redhat-watch-list redhat com
Subject: SECURITY:  CDE Client and Developer Editions
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 25 Sep 1998 16:12:17 -0400
From: Hilary Stokes <hilary redhat com>
Resent-To: approve-watch
Resent-Date: Fri, 25 Sep 1998 17:30:08 -0400
Resent-From: djb localhost



SECURITY:  CDE Client and Developer Editions

It has recently come to the attention of Red Hat Software that there
are significant security holes in CDE.  All users are affected, both those
who purchased CDE Client and those who purchased CDE Developer that runs on 
Red Hat Linux 4.0 up to 5.1.

Description of the problem: Several exploits have been found that allow 
any user on your network to gain full access to your CDE session.  There 
are also bugs that allow local users to that machine to gain root access.
This allows anyone that accesses your machine to change files, delete
files, and commit other malicious actions.  Because CDE is not Open 
Source software, we have no ability to fix either the minor bugs that have 
been reported over the last year, or these more important security bugs.

Solution:  There is currently no fix available for these security problems.
If CDE is necessary for your application, you can contact XiGraphics at 
http://www.xigraphics.com.  If you are looking for a localized desktop
environment, our recommendation is to upgrade to the new GNOME desktop, 
where betas are currently available at http://www.gnome.org. 

Red Hat Software will no longer distribute CDE effective immediately, but
will continue to support the copies of CDE that have been purchased 
up to this point. We will also be providing a $50 credit towards future 
purchases of official Red Hat Software products made directly from Red Hat 
Software for all who have purchased Red Hat's TriTeal CDE Client or 
Developer edition. 

Please follow the following procedure to obtain credit.

1)  If you purchased from a reseller Send your CDE CD-ROM to 
CDE Returns
Red Hat Software
P.O. Box 13588 (for U.S. mail returns)
79 T.W. Alexander Dr.
Bldg 4201, Suite 100
Research Triangle Park, NC 27709

2)  If you purchased directly from Red Hat Software, call our sales
office at 888-REDHAT1 and they will assist you.

Thank you for supporting the Open Source model.






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]