Yellow Dog Linux Security Advisory: YDU-20030602-6
security
yellowdog-updates@lists.terrasoftsolutions.com
Tue, 03 Jun 2003 18:48:35 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: lv
Issue Date: Jun 02,2003
Priority: medium
Advisory ID: YDU-20030602-6
1. Topic:
Updated lv packages are available.
2. Problem:
"Lv is a powerful file viewer similar to less. It can decode and encode
multilingual streams through many coding systems, such as ISO-8859,
ISO-2022, EUC, SJIS Big5, HZ, and Unicode.
A bug has been found in versions of lv that read a .lv file in the current
directory. Local attackers can use this to place an .lv file in any
directory to which they have write access. Any user who subsequently runs
lv in that directory and uses the v (edit) command can be forced to execute
an arbitrary program.
Users are advised to upgrade to these erratum packages, which contain a
version of lv that is patched to read the .lv configuration file only in
the user's home directory."
(From Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install lv
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 3.0
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/lv-4.49.4-9.9.1.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 3.0]
67e24c650a40ff04057ea66c3507fc5c SRPMS/lv-4.49.4-9.9.1.src.rpm
952aad11c68f410994afe02dddff12cd ppc/lv-4.49.4-9.9.1.ppc.rpm
If you wish to verify that each package has not been corrupted or
tampered with,
examine the md5sum with the following command: md5sum <filename>
5. Misc.
Terra Soft has setup a moderated mailing list where these security,
bugfix, and package
enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml