
Notice the date on the file. And I would have had no reason to go digging for any KDM issues whatsoever since I personally think it's a waste of resources..I am quite capable of typing startx.
The date on the file you gave the URL for is exactly the same: 16 Sept. Regarding the "waste of resources", I may think like you that a graphic login is one, but I doubt my many users would be as happy without it.
- SuSE do not have pam_krb5 installed or configured
Doesn't matter the vulnerability exists in the packages that they shipped. So a fix being put out can not be argued about.
I'm sure the fix WILL be put out. But I think that, since SuSE resources are not infinite, it's far better for us that they concentrate on more dangerous vulnerabilities than the KDM one. Like the two ones in sendmail and gkrellmd for which I downloaded the fixed rpm today.
- the number of Linux boxes connected to the net that let in users using X11/XDCMP is near zero, due to the inefficiency of the protocol
And how would you know this? Do you have statistics to back up your assertion? Or would you just be stating an opinion? Do you know every Linux user personally and do you do scans of all IP networks? I think not. Whether the protocol is inefficient or not..it's in wide enough use that the vulnerability was announced..
The protocol is not in widespread use, or better not used at all, due to the inherent inefficiency it has on high latency networks. And that is not an opinion, it is how things are. The fact you see very few connection attempts on your box for the X port is proof enough: cracker and worm writers go for much more useful targets than this (ones where you don't have to be a Kerberos authenticated user to get in as root, for example.. ;-) And finally, the vulnerability was announced because ALL of them are announced in open source projects. Not because it was especially important or urgent to fix.
I'm not in any kind of situation with KDM or any other GUI login manager because they are a waste in my opinion but as I said earlier I'm more worried about those who don't work like I do or think as I do.
Well, I'm sure anyone who was able to put up a Kerberos authenticated, network distributed X login system is wise enough to watch after himself. My point was that it's not a "default configuration", nor a simple one to set up unless you know very well what you are doing. That is the main reason I don't think this fix is urgent. That said, I think your reasoning that we should also worry for other users out there is perfectly right. I don't want to end up like on Microsoft OSes... ;-)
Then, why do you think this is an _important_ security upgrade?
Security is security..one doesn't pick and choose. If it has the ability to be a problem then it should be fixed. Period.
Security means assessing the risks and, if you have to make a choice, fixing the more dangerous ones before the less dangerous ones. And that's exactly what's happening in this case, in my opinion.
The picking and choosing of what security issues to address would be the cause of the constant messages that I see scrolling in my tail window...
I beg to differ on this, also... Fixes for all security problems are always released, even by Microsoft. It's the poor security culture in many users and "sysadmins" that DO NOT INSTALL FIXES that's causing so much cruft in our logs. Worm writers and script kiddies know this, and so they go out trying, since they'll find something for sure.
so many that I might as well not even tail my procmail or fetchmail logs because the firewall log just shoves them past too fast.
Try using grep to filter out unwanted messages... works wonders ;-) I usually log ALL incoming connections with SuSEfirewall. I simply strip the firewall's messages with a "grep -v SuSE-FW" when I'm looking for other programs' messages.
Ciao, Roberto