Yellow Dog Linux Security Advisory: YDU-20020606-2

Dan Burcaw yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:23 -0600 (MDT) 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	nss_ldap	
Issue Date: 	June 06, 2002	
Priority:	medium		
Advisory ID: 	YDU-20020606-2


1. 	Topic:

	Updated nss_ldap packages are available.


2. 	Problem:

	"The [nss_ldap] module provides authentication for user access to a system by
	consulting a directory using LDAP. Versions of [nss_ldap] prior to version
	144 include a format string bug in the logging function. The packages
	included in this erratum update [nss_ldap] to version 144, fixing this bug.

	The Common Vulnerabilities and Exposures project (cve.mitre.org) has
	assigned the name CAN-2002-0374 to this issue.

	Due to differences in the default behavior of the [nss_ldap] module when
	performing account management, the version of authconfig included in
	[Yellow Dog Linux 2.2] will generate incorrect /etc/pam.d/system-auth files for this
	version of [nss_ldap].  This update includes an updated version of
	authconfig for [Yellow Dog Linux 2.2] which addresses this problem.

	Our thanks go to the pam_ldap team at padl.com for bringing this to our
	attention."
	(from Red Hat Advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install nss_ldap authconfig 

   	b) Updating manually...
   	The update can also be retrieved manually from our ftp site
   	below along with the rpm command that should be used to install
   	the update.  (Please use a mirror site)

   		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
		rpm -Fvh nss_ldap-189-2.ppc.rpm
		rpm -Fvh authconfig-4.1.19.2-1.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
bcc6a0ebe130c633592ee0dcd4c356df  ppc/authconfig-4.1.19.2-1.ppc.rpm
79268cb16005e49a206e4bea975ba890  ppc/nss_ldap-189-2.ppc.rpm
4df437d31ba6be8529a8cb0e9bf3d2fc  SRPMS/authconfig-4.1.19.2-1.src.rpm
8022ca535a27eb6ec399db69b3cea6e0  SRPMS/nss_ldap-189-2.src.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml