Post, Mark K wrote: > Install mm-1.1.3-35.s390.rpm off CD2.
This version has a temporary file vulnerability which can be exploited to gain root access. You should not install this version on a public web server since this race could be used in conjunction with a remote exploit for Apache (e.g. based on OpenSSL or PHP4). See http://online.securityfocus.com/bid/5352 for details. I guess you have to sign a service contract with SuSE to get a fixed package, though. I could only find fixed SuSE packages for i386, PowerPC, Alpha and SPARC - so it's available for all supported SuSE architectures except S/390. Regards, Stefan Gybas
