-----BEGIN PGP SIGNED MESSAGE----- The IMAP servers included with all versions of Red Hat Linux have a buffer overrun which allow *remote* users to gain root access on systems which run them. A fix for Red Hat 4.1 is now avaialble (details on it at the end of this note). Users of Red Hat 4.0 should apply the Red Hat 4.1 fix. Users of previous releases of Red Hat Linux are strongly encouraged to upgrade or simply not run imap. You can remove imap from any machine running with Red Hat Linux 2.0 or later by running the command "rpm -e imap", rendering them immune to this problem. All of the new packages are PGP signed with Red Hat''s PGP key (as is this message), and may be obtained from ftp.redhat.com:/updates/4.1. If you have direct Internet access, you may upgrade these packages on your system with the following commands: Intel: rpm -Uvh ftp://ftp.redhat.com/updates/4.1/i386/imap-4.1.BETA-3.i386.rpm Alpha: rpm -Uvh ftp://ftp.redhat.com/updates/4.1/alpha/imap-4.1.BETA-3.alpha.rpm SPARC: rpm -Uvh ftp://ftp.redhat.com/updates/4.1/sparc/imap-4.1.BETA-3.sparc.rpm Erik -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMxs/AaUg6PHLopv5AQG/ywQAilkPes+iLTI1r7HXRVeZawC3kjRbZAyx 3FcqswteuL482UeZadZoVo9cu0mnwhsjRAMkqs1hF+PgHGmUniR4JymdtIYTPXHa urZww4fc0A5AIeLwWEPStARipXk3jKDS3VPgKRd8EtQDaj8qAknGIfDBz/ZfFwV2 Aj4cF+TTKJY=GfS1 -----END PGP SIGNATURE-----