Yellow Dog Security Advisory: YDU-20030127-4
yellowdog-updates@lists.terrasoftsolutions.com
Mon, 27 Jan 2003 01:14:19 -0700 (MST)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: webalizer
Issue Date: January 27, 2003
Priority: medium
Advisory ID: YDU-20030127-4
1. Topic:
Updated webalizer packages are available.
2. Problem:
"The Webalizer is a Web server log file analysis program which produces
detailed usage reports in HTML format.
A buffer overflow in Webalizer versions prior to 2.01-10, when configured
to use reverse DNS lookups, may allow remote attackers to execute arbitrary
code by connecting to the monitored Web server from an IP address that
resolves to a long hostname.
[Yellow Dog Linux 2.3] shipped with Webalizer 2.01-9 which is vulnerable to this
issue.
Users of webalizer on [Yellow Dog Linux 2.3] are advised to upgrade to these
errata packages which contain Webalizer version 2.01-09 with backported
security and bug fix patches."
(from Red Hat Advisory)
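
The class of bug the quoted advisory describes (a reverse DNS result copied into a fixed-size buffer), shown beside a bounded version, as an added C example. It is not Webalizer's source: the struct, the field size and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_FIELD 64           /* assumed size of the fixed hostname field */

struct hit {                    /* hypothetical per-request record */
    char host[HOST_FIELD];
};

/* Unsafe pattern: the resolved name is chosen by whoever controls the PTR
 * record for the client address, and strcpy writes past host[] as soon as
 * that name reaches HOST_FIELD bytes. */
void record_host_unchecked(struct hit *h, const char *resolved)
{
    strcpy(h->host, resolved);
}

/* Hardened form: measure before copying. If the resolved name is missing,
 * empty or does not fit, keep the numeric address instead, so the report
 * never holds a truncated (and therefore misleading) hostname.
 * Returns 1 if the name was stored, 0 if the address was used, -1 on error. */
int record_host(struct hit *h, const char *resolved, const char *ip)
{
    size_t n;
    if (h == NULL || ip == NULL)
        return -1;
    n = resolved ? strlen(resolved) : 0;
    if (n > 0 && n < sizeof h->host) {
        memcpy(h->host, resolved, n + 1);       /* n + 1 copies the NUL too */
        return 1;
    }
    if (strlen(ip) >= sizeof h->host)
        return -1;                              /* not a sane address string */
    snprintf(h->host, sizeof h->host, "%s", ip);
    return 0;
}

int main(void)
{
    struct hit h;
    char longname[300];                         /* constructed sample input */

    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("%d %s\n", record_host(&h, "client.example.net", "192.0.2.10"), h.host);
    printf("%d %s\n", record_host(&h, longname, "192.0.2.10"), h.host);
    return 0;
}
```
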
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install webalizer
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/webalizer-2.01_09-1.72.ppc.rpm
4. Verification
MD5 checksum                      Package
--------------------------------  ------------------------------------
c15f69de408b21dbb01075c449e7d2a7  ppc/webalizer-2.01_09-1.72.ppc.rpm
a82cdaf10888b523bf6a84be4e174970  SRPMS/webalizer-2.01_09-1.72.src.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command:
rpm --checksig --nogpg filename
5. Misc.
Terra Soft has set up a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml