Yellow Dog Linux Security Advisory: YDU-20030409-2

Rick Thomas yellowdog-general@lists.terrasoftsolutions.com
Thu Apr 17 22:27:01 2003 

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--Boundary_(ID_GHwSZ0nFu+ZIl44H6vfZvA)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT

Has anyone tried installing this patch?

I'm attaching a transcript of what happens to me when I try.

This is a "virgin" system that I just installed from CDs made from the "NEW"
Yellowdog Linux 3.0 ISOs that I downloaded from YDL.net (enhanced).


Help?

Rick

"Not the sort of behavior you ordinarily expect form a major appliance..."
    -- Ghostbusters

=======================================================================
on 4/14/03 1:31 PM, Troy Vitullo at security@terrasoftsolutions.com wrote:

Yellow Dog Linux Security Announcement
--------------------------------------

Package: evolution
Issue Date: April 09, 2003
Priority: medium
Advisory ID:  YDU-20030409-2


1.  Topic:

Updated evolution packages are available.


2.  Problem:

Ximian Evolution, a groupware suite for GNOME, contains several
vulnerabilities that allow well-crafted emails to crash the
program and cause other instabilities.

Evolution users are advised to upgrade to the following errata
packages that address these issues.


3.  Solution:

a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:

apt-get update
apt-get install evolution

b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)

rpm -Fvh [filenames]
Yellow Dog Linux 3.0
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/evolution-1.2.2-5a.ppc.rpm
SRPMS/evolution-1.2.2-5a.src.rpm

Yellow Dog Linux 2.3
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/evolution-1.0.8-9.7x.1a.ppc.rpm
SRPMS/evolution-1.0.8-9.7x.1a.src.rpm


4. Verification

MD5 checksum     Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
f6ec2c351e640bf9574b047579160d94   SRPMS/evolution-1.2.2-5a.src.rpm
5a7245ead4805cb7ea3ed3910e6864a0   ppc/evolution-1.2.2-5a.ppc.rpm

[Yellow Dog Linux 2.3]
96826b88e3fe6d1a4529194ef6f182e7  ppc/evolution-1.0.8-9.7x.1a.ppc.rpm
900ba3f0b698923fbc67a450723fa253  SRPMS/evolution-1.0.8-9.7x.1a.src.rpm

If you wish to verify that each package has not been corrupted or tampered
with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix,
and package
enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
_______________________________________________
yellowdog-updates mailing list
yellowdog-updates@lists.terrasoftsolutions.com
http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-updates



--Boundary_(ID_GHwSZ0nFu+ZIl44H6vfZvA)
Content-type: multipart/appledouble;
 boundary="Boundary_(ID_owHPng4CzG4toylqoHhzBw)"


--Boundary_(ID_owHPng4CzG4toylqoHhzBw)
Content-type: application/applefile; name=YDL_30_patch_transcript.txt
Content-transfer-encoding: base64
Content-disposition: attachment; filename=YDL_30_patch_transcript.txt

AAUWBwACAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAJAAAAPgAAACAAAAADAAAAXgAAABsAAAAC
AAAAeQAAAX5URVhUUipjaAEAARwDwAAAAAAAAAAAAAAAAAAAAAAAAFlETF8zMF9wYXRjaF90
cmFuc2NyaXB0LnR4dAAAAQAAAAFMAAAATAAAADIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABIAAlNb25hY28AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAQALQAJAvYCdgAtAAkC
9gJ2usT1pwAAC0cAAAtHAAAAAAEAAAABAAAAAUwAAABMAAAAMlNPUlQC2gCAABwAMgAATVBT
UgAAAAoD7f//AAAAADnW88A=

--Boundary_(ID_owHPng4CzG4toylqoHhzBw)
Content-type: text/plain; name=YDL_30_patch_transcript.txt;
 x-mac-creator=522A6368; x-mac-type=54455854
Content-transfer-encoding: 7BIT
Content-disposition: attachment; filename=YDL_30_patch_transcript.txt

[root@lilserver root]# apt-get update
Get:1 http://ftp.yellowdoglinux.com apt/3.0 release [791B]
Fetched 791B in 0s (1524B/s)
Get:1 http://ftp.yellowdoglinux.com apt/3.0/base pkglist [1302kB]
Get:2 http://ftp.yellowdoglinux.com apt/3.0/base release [123B]
Get:3 http://ftp.yellowdoglinux.com apt/3.0/base srclist [151kB]
Get:4 http://ftp.yellowdoglinux.com apt/3.0/update pkglist [17.2kB]
Get:5 http://ftp.yellowdoglinux.com apt/3.0/update release [125B]
Get:6 http://ftp.yellowdoglinux.com apt/3.0/update srclist [2312B]
Fetched 1473kB in 25s (57.3kB/s)
Reading Package Lists... Done
Collecting File Provides... Done
[root@lilserver root]# apt-get install evolution
Reading Package Lists... Done
Building Dependency Tree... Done
You might want to run `apt-get -f install' to correct these:
The following packages have unmet dependencies:
  evolution: Depends: scrollkeeper (>= 0.1.4) but it is not going to be installed
             Depends: bonobo (>= 1.0.14) but it is not going to be installed
             Depends: GConf (>= 1.0.7) but it is not going to be installed
             Depends: oaf (>= 0.6.10) but it is not going to be installed
             Depends: soup (>= 0.7.10) but it is not going to be installed
             Depends: bonobo-conf (>= 0.16) but it is not going to be installed
             Depends: gnome-spell (>= 0.5) but it is not going to be installed
             Depends: libIIOP.so.0
             Depends: libORBit.so.0
             Depends: libORBitCosNaming.so.0
             Depends: libORBitutil.so.0
             Depends: libart_lgpl.so.2
             Depends: libbonobo-print.so.2
             Depends: libbonobo.so.2
             Depends: libbonobo_conf.so.0
             Depends: libbonobox.so.2
             Depends: libgal.so.21
             Depends: libgconf-1.so.1
             Depends: libgconf-gtk-1.so.1
             Depends: libgdk_imlib.so.1
             Depends: libgdk_pixbuf.so.2
             Depends: libglade-gnome.so.0
             Depends: libglade.so.0
             Depends: libgnome.so.32
             Depends: libgnomecanvaspixbuf.so.1
             Depends: libgnomeprint.so.15
             Depends: libgnomesupport.so.0
             Depends: libgnomeui.so.32
             Depends: libgnomevfs.so.0
             Depends: libgpilotd.so.1
             Depends: libgpilotdcm.so.1
             Depends: libgpilotdconduit.so.1
             Depends: libgtkhtml-1.1.so.3
             Depends: liboaf.so.0
             Depends: libsoup.so.3
  redhat-config-printer: Obsoletes: cups-drivers but 1.9-1.20020617.6 is to be installed
                         Obsoletes: cups-drivers-hpijs but 1.9-1.20020617.6 is to be installed
                         Obsoletes: cups-drivers-pnm2ppa but 1.9-1.20020617.6 is to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).
[root@lilserver root]#


--Boundary_(ID_owHPng4CzG4toylqoHhzBw)--

--Boundary_(ID_GHwSZ0nFu+ZIl44H6vfZvA)--