Yellow Dog Linux Security Advisory: YDU-20020606-2
Dan Burcaw
yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:23 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: nss_ldap
Issue Date: June 06, 2002
Priority: medium
Advisory ID: YDU-20020606-2
1. Topic:
Updated nss_ldap packages are available.
2. Problem:
"The [nss_ldap] module provides authentication for user access to a system by
consulting a directory using LDAP. Versions of [nss_ldap] prior to version
144 include a format string bug in the logging function. The packages
included in this erratum update [nss_ldap] to version 144, fixing this bug.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0374 to this issue.
Due to differences in the default behavior of the [nss_ldap] module when
performing account management, the version of authconfig included in
[Yellow Dog Linux 2.2] will generate incorrect /etc/pam.d/system-auth files for this
version of [nss_ldap]. This update includes an updated version of
authconfig for [Yellow Dog Linux 2.2] which addresses this problem.
Our thanks go to the pam_ldap team at padl.com for bringing this to our
attention."
(from Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install nss_ldap authconfig
b) Updating manually...
The update can also be retrieved manually from our ftp site
below along with the rpm command that should be used to install
the update. (Please use a mirror site)
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
rpm -Fvh nss_ldap-189-2.ppc.rpm
rpm -Fvh authconfig-4.1.19.2-1.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
bcc6a0ebe130c633592ee0dcd4c356df ppc/authconfig-4.1.19.2-1.ppc.rpm
79268cb16005e49a206e4bea975ba890 ppc/nss_ldap-189-2.ppc.rpm
4df437d31ba6be8529a8cb0e9bf3d2fc SRPMS/authconfig-4.1.19.2-1.src.rpm
8022ca535a27eb6ec399db69b3cea6e0 SRPMS/nss_ldap-189-2.src.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml