On June the 28th SuSE released a new pine package, which fixes a security
bug. Unfortunately the patch brokes IMAP support for pine.
Now there is a new package available which works correctly.
Three security threats were found in the vixie crond, which is shipped
with SuSE Linux.
1) no boundchecking on a local buffer, while copying data from MAILTO
2) passing invalid options to sendmail
3) it doesn't drop root privileges while sending acknowledge mail
to a user
The security breach occurs when you try to transfer an empty
directory into a non-existent directory.
In that case rsync sets the permissions of the working directory
to those of the empty directory; this means, that the permissions
of your home directory are changed to the file access mode of the
empty directory if you do a remote rsync by using ssh/rsh.
The way in.identd is started by inetd from a standard /etc/inetd.conf on
a SuSE Linux distribution may be exploited to mount a Denial-of-Service
attack against the system.
When inetd starts in.identd with the "wait" flag and the "-w -t120"
options, the in.identd will start to listen on the well known port
while inetd deactivates its own listener for the time in.identd
is alive.