Yellow Dog Linux Security Advisory: YDU-20020819-1

yellowdog-updates@lists.terrasoftsolutions.com
Mon, 19 Aug 2002 13:53:00 -0600 (MDT)


Yellow Dog Linux Security Announcement
--------------------------------------

Package:	krb5
Issue Date: 	August 19, 2002	
Priority:	medium
Advisory ID: 	YDU-20020819-1


1. 	Topic:

	Updated krb5 packages are available.


2. 	Problem:

	"Sun RPC is a remote procedure call framework which allows clients to
	invoke procedures in a server process over a network.  XDR is a mechanism
	for encoding data structures for use with RPC.  

	The Kerberos 5 network authentication system contains an RPC library
	which includes an XDR decoder derived from Sun's RPC implementation.
	The Sun implementation was recently demonstrated to be vulnerable to
	a heap overflow.  It is believed that the attacker needs to be able to
	authenticate to the kadmin daemon for this attack to be successful.
	No exploits are known to currently exist."
	(from Red Hat advisory)

3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install krb5-libs

   	b) Updating manually...
	Download the updates below for your version of Yellow Dog Linux
	and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]

		Yellow Dog Linux 2.3
			ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
				ppc/krb5-devel-1.2.4-2.3a.ppc.rpm
				ppc/krb5-libs-1.2.4-2.3a.ppc.rpm
				ppc/krb5-server-1.2.4-2.3a.ppc.rpm
				ppc/krb5-workstation-1.2.4-2.3a.ppc.rpm

		Yellow Dog Linux 2.2
			ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/
				ppc/krb5-devel-1.2.4-2.2a.ppc.rpm
				ppc/krb5-libs-1.2.4-2.2a.ppc.rpm
				ppc/krb5-server-1.2.4-2.2a.ppc.rpm
				ppc/krb5-workstation-1.2.4-2.2a.ppc.rpm
			  	

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 2.3]
9be92530cbedc5ed4854e718e4793e95  ppc/krb5-devel-1.2.4-2.3a.ppc.rpm
97ac5a2a87e69c231d50bf52f753957e  ppc/krb5-libs-1.2.4-2.3a.ppc.rpm
ae4d4cb26f933dc1af5c5226dc39a229  ppc/krb5-server-1.2.4-2.3a.ppc.rpm
3d5d16125be2b589bb7c111a78044087  ppc/krb5-workstation-1.2.4-2.3a.ppc.rpm
56524b6ca8a0d9c8c64e7a0f6fc7adde  SRPMS/krb5-1.2.4-2.3a.src.rpm

[Yellow Dog Linux 2.2]
42d30e86048fa585d5f3ce1b4c2ab425  ppc/krb5-devel-1.2.4-2.2a.ppc.rpm
23bd4b37e5c2cafdd6b1f03c25356c3f  ppc/krb5-libs-1.2.4-2.2a.ppc.rpm
1a0a9976e78904fe711821d74ff63579  ppc/krb5-server-1.2.4-2.2a.ppc.rpm
479ecb9fb713f1c32e159120cf8b7ce4  ppc/krb5-workstation-1.2.4-2.2a.ppc.rpm
e146eafda43134c6b0fb3479eb3e2c82  SRPMS/krb5-1.2.4-2.2a.src.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
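
Added example (not part of the original advisory): a shell function that compares downloaded packages against a saved copy of the checksum table above, matching by file name and skipping the header rows. The function name verify_md5_table, the demo file names and the saved-table file are assumptions made for illustration.

```shell
#!/bin/sh
# Usage: verify_md5_table TABLE_FILE PACKAGE_DIR   (hypothetical name, added example)
# TABLE_FILE: saved checksum table, rows of "<32 hex digits>  <path/package.rpm>";
# header rows and release markers such as "[Yellow Dog Linux 2.3]" are skipped.
# Returns 0 if every listed package found in PACKAGE_DIR matches, 1 on any
# mismatch, 2 if none of the listed packages is present.
verify_md5_table() {
    table=$1 dir=$2 bad=0 seen=0
    while read -r want path _; do
        case $want in
            ""|*[!0123456789abcdef]*) continue ;;   # not a hex digest
        esac
        [ "${#want}" -eq 32 ] || continue           # MD5 is 32 hex digits
        [ -n "$path" ] || continue
        file=$dir/${path##*/}     # table paths are relative (ppc/, SRPMS/)
        [ -f "$file" ] || continue                  # not downloaded, skip
        seen=$((seen + 1))
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        ${path##*/}"
        else
            echo "MISMATCH  ${path##*/} (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done < "$table"
    [ "$seen" -gt 0 ] || { echo "no listed packages in $dir" >&2; return 2; }
    [ "$bad" -eq 0 ]
}

# Constructed demo: a stand-in "package" file and a table generated from it.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed stand-in for an rpm\n' > "$tmp/example-1.0.ppc.rpm"
    sum=$(md5sum < "$tmp/example-1.0.ppc.rpm" | cut -d' ' -f1)
    printf '[Example release]\n%s  ppc/example-1.0.ppc.rpm\n' "$sum" > "$tmp/table.txt"
    verify_md5_table "$tmp/table.txt" "$tmp"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}
demo
```

With --nogpg, rpm --checksig skips the GPG signature and checks only the digests stored inside the package, so the comparison against the advisory's table is a separate step.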


5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml