Some of you may have noticed recent reports of security vulnerabilities in
the mailx and perl packages in various Linux distributions. These
vulnerabilities may allow a malicious local user who has shell access to
gain root privileges. These circumstances should *never* occur with the
e-smith server and gateway - local users in general do not have local
shell access, and shell access is only available if the local
administrator has made custom changes. Local shell access should only be
granted to trusted local users.

Nevertheless, just in case there are any users or developers who have
granted shell access to some users, and wish to protect their server, I
have uploaded new RPMs to the update directory of ftp.e-smith.net.

To apply these updates, log in as root on a console, and do:

rpm -Uhv \
ftp://ftp.e-smith.net/pub/e-smith/e-smith-4.0/updates/RPMS/i386/\
mailx-8.1.1-16.i386.rpm
rpm -Uhv \
ftp://ftp.e-smith.net/pub/e-smith/e-smith-4.0/updates/RPMS/i386/\
perl-5.00503-11.i386.rpm

FYI, these RPMs are local rebuilds of the update RPMs issued by
RedHat. You may safely choose a local RedHat or e-smith mirror as the
source of these RPMs.

-- 

Charlie
