Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Saturday 2006-01-28 at 19:28 +0100, Marcus Meissner wrote:
Yes, we usually do not fix bugs for older SUSE Linux versions that are not critical.
It is a bug introduced by the last security update:
| ## Patch description of patch 60ef4c14b4dab97c3635e66c75926796 | Kind: security ... | Longdescription.english: | This update fixes an issue in the hylafax notify script, | which could maybe be used by remote attackers with a valid | faxuser account to run arbitrary commands. | Hsilgne.noitpircsedgnol:
It renders part of the package non warkable, we have to revert to the older, unsecure, rpm version.
It affects, as far as I know, 9.2 and 9.3 - perhaps more.
The hylafax issue will be fixed however.
I have also had a report of somebody having reproduced this on 10.0 OSS now. Regards Hubba