All versions of the Linux kernel have a vulnerability in the ptrace code, normally used for debugging purposes. A malicious local user could use ptrace facilities to obtain root privileges.
This upgrade is recommended for dm-3.9-28 systems only. The OfficeServer and other images derived from the earlier dm-3.1-15 image use a 2.2 kernel rather than the 2.4 kernel. The uprade from 2.2 to 2.4, while possible, requires several other components to be updated as well.
The default configuration of OfficeServer does not allow for local users on the system, so the risk from this bug is low.
Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help.