Yellow Dog Linux Security Advisory: YDU-20020819-1
yellowdog-updates@lists.terrasoftsolutions.com
yellowdog-updates@lists.terrasoftsolutions.com
Mon, 19 Aug 2002 13:53:00 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: krb5
Issue Date: August 19, 2002
Priority: medium
Advisory ID: YDU-20020819-1
1. Topic:
Updated krb5 packages are available.
2. Problem:
"Sun RPC is a remote procedure call framework which allows clients to
invoke procedures in a server process over a network. XDR is a mechanism
for encoding data structures for use with RPC.
The Kerberos 5 network authentication system contains an RPC library
which includes an XDR decoder derived from Sun's RPC implementation.
The Sun implementation was recently demonstrated to be vulnerable to
a heap overflow. It is believed that the attacker needs to be able to
authenticate to the kadmin daemon for this attack to be successful.
No exploits are known to currently exist."
(from Red Had advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install krb5-libs
b) Updating manually...
Download the updates below for your version of Yellow Dog Linux
and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 2.3
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/krb5-devel-1.2.4-2.3a.ppc.rpm
ppc/krb5-libs-1.2.4-2.3a.ppc.rpm
ppc/krb5-server-1.2.4-2.3a.ppc.rpm
ppc/krb5-workstation-1.2.4-2.3a.ppc.rpm
Yellow Dog Linux 2.2
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/
ppc/krb5-devel-1.2.4-2.2a.ppc.rpm
ppc/krb5-libs-1.2.4-2.2a.ppc.rpm
ppc/krb5-server-1.2.4-2.2a.ppc.rpm
ppc/krb5-workstation-1.2.4-2.2a.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 2.3]
9be92530cbedc5ed4854e718e4793e95 ppc/krb5-devel-1.2.4-2.3a.ppc.rpm
97ac5a2a87e69c231d50bf52f753957e ppc/krb5-libs-1.2.4-2.3a.ppc.rpm
ae4d4cb26f933dc1af5c5226dc39a229 ppc/krb5-server-1.2.4-2.3a.ppc.rpm
3d5d16125be2b589bb7c111a78044087 ppc/krb5-workstation-1.2.4-2.3a.ppc.rpm
56524b6ca8a0d9c8c64e7a0f6fc7adde SRPMS/krb5-1.2.4-2.3a.src.rpm
[Yellow Dog Linux 2.2]
42d30e86048fa585d5f3ce1b4c2ab425 ppc/krb5-devel-1.2.4-2.2a.ppc.rpm
23bd4b37e5c2cafdd6b1f03c25356c3f ppc/krb5-libs-1.2.4-2.2a.ppc.rpm
1a0a9976e78904fe711821d74ff63579 ppc/krb5-server-1.2.4-2.2a.ppc.rpm
479ecb9fb713f1c32e159120cf8b7ce4 ppc/krb5-workstation-1.2.4-2.2a.ppc.rpm
e146eafda43134c6b0fb3479eb3e2c82 SRPMS/krb5-1.2.4-2.2a.src.rpm
I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml