Red Hat Reseller News Flash Date: Mon, 28 Sep 1998 09:30:03 -0700 (PDT) It has recently come to the attention of Red Hat Software that there are significant security holes in CDE. All users are affected, both those who purchased CDE Client and those who purchased CDE Developer that runs on Red Hat Linux 4.0 up to 5.1. Description of the problem: Several exploits have been found that allow any user on your network to gain full access to your CDE session. There are also bugs that allow local users to that machine to gain root access. This allows anyone that accesses your machine to change files, delete files, and commit other malicious actions. Because CDE is not Open Source software, we have no ability to fix either the minor bugs that have been reported over the last year, or these more important security bugs. Red Hat Software will no longer distribute CDE effective immediately, but will continue to support the copies of CDE that have been purchased up to this point. If you currently have stock of CDE, please return it to your distributor, or to Red Hat if you purchased directly from us. If your customers wish to return CDE, please tell them to send their CDE CD-ROM to: CDE Returns Red Hat Software P.O. Box 13588 (for U.S. mail returns) 79 T.W. Alexander Dr. Bldg 4201, Suite 100 Research Triangle Park, NC 27709 Red Hat will provide consumers with a $50 credit towards future purchases upon receipt of the CD-ROM. If you have any questions, please contact Chris Gillespie, chris@redhat.com or Terry Tomlinson, terry@redhat.com