Yellow Dog Linux Security Advisory: YDU-20030409-2

Rick Thomas yellowdog-general@lists.terrasoftsolutions.com
Wed Apr 16 00:52:01 2003 

Well, I'm doing something wrong, but for the life of me, I can't figure out
what...

Hardware: Apple Power Macintosh 6500/225 with 128 MB RAM, 80 GB IDE
hard-disk, CD-ROM reader, and 100 MB Zip drive.

Booted the install CD via BootX and did a fresh "server" install with 4GB
for "/", 1 GB for swap, and 64 GB for /home.

Following the reboot, I logged in as "root" and immediately did
    apt-get update
followed by
    apt-get upgrade
to pick up any security fixes (such as the one mentioned in the enclosed
update notice).  It told me that a bunch of cups-printer packages were
obsoleted and I should use the "-f" option.  So I quit the upgrade and did
    apt-get -f upgrade
which ran to completion.  I then tried to do another
    apt-get upgrade
to see if there was anything else out there, and it gave me thousands of
errors about things (like /bin/sh of all things!) being not installable.


What did I do wrong?


Help!

Rick 




on 4/14/03 1:31 PM, Troy Vitullo at security@terrasoftsolutions.com wrote:

> Yellow Dog Linux Security Announcement
> --------------------------------------
> 
> Package: evolution
> Issue Date: April 09, 2003
> Priority: medium
> Advisory ID:  YDU-20030409-2
> 
> 
> 1.  Topic:
> 
> Updated evolution packages are available.
> 
> 
> 2.  Problem:
> 
> Ximian Evolution, a groupware suite for GNOME, contains several
> vulnerabilities that allow well-crafted emails to crash the
> program and cause other instabilities.
> 
> Evolution users are advised to upgrade to the following errata
> packages that address these issues.
> 
> 
> 3.  Solution:
> 
> a) Updating via apt...
> We suggest that you use the apt-get program to keep your
> system up-to-date. The following command(s) will retrieve
> and install the fixed version of this update onto your system:
> 
> apt-get update
> apt-get install evolution
> 
> b) Updating manually...
> Download the updates below and then run the following rpm command.
> (Please use a mirror site)
> 
> rpm -Fvh [filenames]
> Yellow Dog Linux 3.0
> ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
> ppc/evolution-1.2.2-5a.ppc.rpm
> SRPMS/evolution-1.2.2-5a.src.rpm
> 
> Yellow Dog Linux 2.3
> ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
> ppc/evolution-1.0.8-9.7x.1a.ppc.rpm
> SRPMS/evolution-1.0.8-9.7x.1a.src.rpm
> 
> 
> 4. Verification
> 
> MD5 checksum     Package
> --------------------------------  ----------------------------
> [Yellow Dog Linux 3.0]
> f6ec2c351e640bf9574b047579160d94   SRPMS/evolution-1.2.2-5a.src.rpm
> 5a7245ead4805cb7ea3ed3910e6864a0   ppc/evolution-1.2.2-5a.ppc.rpm
> 
> [Yellow Dog Linux 2.3]
> 96826b88e3fe6d1a4529194ef6f182e7  ppc/evolution-1.0.8-9.7x.1a.ppc.rpm
> 900ba3f0b698923fbc67a450723fa253  SRPMS/evolution-1.0.8-9.7x.1a.src.rpm
> 
> If you wish to verify that each package has not been corrupted or tampered
> with,
> examine the md5sum with the following command: md5sum <filename>
> 
> 
> 5. Misc.
> 
> Terra Soft has setup a moderated mailing list where these security, bugfix,
> and package
> enhancement announcements will be posted. See
> http://lists.terrasoftsolutions.com/ for more
> information.
> 
> For information regarding the usage of apt-get, see:
> http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
> _______________________________________________
> yellowdog-updates mailing list
> yellowdog-updates@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-updates
>