IMNSHO, Suse *really* should provide an update rpm:
You don't have to provide an rpm with fixed source, but you
really should (automatically) disable the rpc stuff via
postinstall and probably send an email to root.
Why? Because I'm convinced that quite a lot of people rely on
you (or fou4s or apt-get) to "fix" security problems for them.
Microsoft received some well deserved bashing for not providing
an update for the SQL (or whatever) fix that enabled slammer via
the simple click on the "Windows update" button.
Please don't repeat the M$ mistake!
I know you are on a tight schedule right now, but a remote root
compromise is the highest sort of threat and should be fixed asap.
Ciao
Jörg
--
Joerg Mayer