Yellow Dog Linux Security Advisory: YDU-20030718-1
Terra Soft Security Team
yellowdog-updates@lists.terrasoftsolutions.com
Fri, 18 Jul 2003 15:57:28 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: nfs-utils
Issue Date: Jul 18,2003
Priority: medium
Advisory ID: YDU-20030718-1
1. Topic:
Updated nfs-utils packages are available.
2. Problem:
"The nfs-utils package provides a daemon for the kernel NFS server and
related tools.
Janusz Niewiadomski found a buffer overflow bug in nfs-utils version 1.0.3
and earlier. This bug could be exploited by an attacker, causing a remote
Denial of Service (crash). It is not believed that this bug could lead to
remote arbitrary code execution.
Users are advised to update to these erratum packages, which contain a
backported security patch supplied by the nfs-utils maintainers and are not
vulnerable to this issue."
From Red Hat Advisory
3. Solution:
a) Updating via yum...
We suggest that you use the yum program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
yum update nfs-utils
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/nfs-utils-1.0.1-3.9.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
83992ac9c3007e0fb8bdb617707b6d9d SRPMS/nfs-utils-1.0.1-3.9.src.rpm
1f107e571c38fe49f33cc9f6b2759d9d nfs-utils-1.0.1-3.9.ppc.rpm
If you wish to verify that each package has not been corrupted or
tampered with,
examine the md5sum with the following command: md5sum <filename>
5. Misc.
Terra Soft has setup a moderated mailing list where these security,
bugfix, and package
enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml