Yellow Dog Linux Security Advisory: YDU-20030718-1

Terra Soft Security Team yellowdog-updates@lists.terrasoftsolutions.com
Fri, 18 Jul 2003 15:57:28 -0600 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	nfs-utils
Issue Date:	Jul 18,2003
Priority:	medium
Advisory ID: 	YDU-20030718-1


1. 	Topic:

	Updated nfs-utils packages are available.


2. 	Problem:

	"The nfs-utils package provides a daemon for the kernel NFS server and
	related tools.

	Janusz Niewiadomski found a buffer overflow bug in nfs-utils version 1.0.3
	and earlier. This bug could be exploited by an attacker, causing a remote
	Denial of Service (crash). It is not believed that this bug could lead to
	remote arbitrary code execution.

	Users are advised to update to these erratum packages, which contain a
	backported security patch supplied by the nfs-utils maintainers and are not
	vulnerable to this issue."
	
	From Red Hat Advisory


3. 	Solution:

    	a) Updating via yum...
	We suggest that you use the yum program to keep your
         system up-to-date. The following command(s) will retrieve
	and install the fixed version of this update onto your system:

		yum update nfs-utils

	b) Updating manually...
	Download the updates below and then run the following rpm command.
    	(Please use a mirror site)

		rpm -Fvh [filenames]
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/nfs-utils-1.0.1-3.9.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
83992ac9c3007e0fb8bdb617707b6d9d  SRPMS/nfs-utils-1.0.1-3.9.src.rpm
1f107e571c38fe49f33cc9f6b2759d9d  nfs-utils-1.0.1-3.9.ppc.rpm

If you wish to verify that each package has not been corrupted or 
tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, 
bugfix, and package
enhancement announcements will be posted. See 
http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml