Red Hat Reseller News Flash 

Date: Mon, 28 Sep 1998 09:30:03 -0700 (PDT)

It has recently come to the attention of Red Hat Software that there
are significant security holes in CDE.  All users are affected, both those
who purchased CDE Client and those who purchased CDE Developer that runs on 
Red Hat Linux 4.0 up to 5.1.
 
Description of the problem: Several exploits have been found that allow 
any user on your network to gain full access to your CDE session.  There 
are also bugs that allow local users to that machine to gain root access.
This allows anyone that accesses your machine to change files, delete
files, and commit other malicious actions.  Because CDE is not Open 
Source software, we have no ability to fix either the minor bugs that have 
been reported over the last year, or these more important security bugs.
 
Red Hat Software will no longer distribute CDE effective immediately, but
will continue to support the copies of CDE that have been purchased 
up to this point.
 
If you currently have stock of CDE, please return it to your distributor, or 
to Red Hat if you purchased directly from us.
 
If your customers wish to return CDE, please tell them to send their CDE 
CD-ROM to:
CDE Returns
Red Hat Software
P.O. Box 13588 (for U.S. mail returns)
79 T.W. Alexander Dr.
Bldg 4201, Suite 100
Research Triangle Park, NC 27709

Red Hat will provide consumers with a $50 credit towards future purchases upon 
receipt of the CD-ROM.

If you have any questions, please contact Chris Gillespie, chris@redhat.com or 
Terry Tomlinson, terry@redhat.com