zen-parse discovered a problem in the at command containing an extra call to free() which can lead to a segfault with a carefully crafted, but incorrect, format. This is caused due to a heap corruption that can be exploited under certain circumstances because the at command is installed setuid root. Thanks to SuSE for an additional security improvement that ads the O_EXCL (exclusive) option to the open(2) system call inside the at code.
066814fda6dfc8f74721861a90c1d167 8.1/RPMS/at-3.1.8-4.1mdk.i586.rpm 8205596ce7b87d8dca57a6d9285dd1d1 8.1/SRPMS/at-3.1.8-4.1mdk.src.rpm
bc46bc259124e1de45063503d8be2940 ia64/8.1/RPMS/at-3.1.8-4.1mdk.ia64.rpm 8205596ce7b87d8dca57a6d9285dd1d1 ia64/8.1/SRPMS/at-3.1.8-4.1mdk.src.rpm