https://bugzilla.novell.com/show_bug.cgi?id=663414 https://bugzilla.novell.com/show_bug.cgi?id=663414#c4 Roman Drahtmueller <draht@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |draht@novell.com, | |rjardine@novell.com Severity|Major |Critical --- Comment #4 from Roman Drahtmueller <draht@novell.com> 2011-01-25 15:09:05 UTC --- Hello Matthew, the update that was proposed is not about an eye candy issue, an annoyance or a functional bug that the users can theoretically live with. The said security vulnerability allows the attacker to add code to the server - resulting in remote access, and also in the addition to code that would be executed on the client side for secondary attacks. This is serious, and we get questions from our users why it isn't fixed (appended to the remark that they are on the server, basically). This issue does not tolerate any further delay, and immediate action needs to be taken. Specifically before the background of the blackout period a defacement of the webpages is by far less than acceptable. This is infrastructure that needs to be relied on; it has started backfiring already. Please also advise which additional security measures are in place for the affected servers (eg. AppArmor profiles). There is no doubt that the network-facing services need such protection in light of the administrative procedures that do not apply top priority to security updates. Thank you, Roman. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.