Yellow Dog Linux Security Advisory: YDU-20030602-6

security yellowdog-updates@lists.terrasoftsolutions.com
Tue, 03 Jun 2003 18:48:35 -0600 

Yellow Dog Linux Security Announcement
--------------------------------------

Package: 	lv	
Issue Date:	Jun 02,2003
Priority:	medium
Advisory ID: 	YDU-20030602-6


1. 	Topic:

	Updated lv packages are available.


2. 	Problem:
	
	"Lv is a powerful file viewer similar to less. It can decode and encode
	multilingual streams through many coding systems, such as ISO-8859,
	ISO-2022, EUC, SJIS Big5, HZ, and Unicode.

	A bug has been found in versions of lv that read a .lv file in the current
	directory. Local attackers can use this to place an .lv file in any
	directory to which they have write access. Any user who subsequently runs
	lv in that directory and uses the v (edit) command can be forced to execute
	an arbitrary program.

	Users are advised to upgrade to these erratum packages, which contain a
	version of lv that is patched to read the .lv configuration file only in
	the user's home directory."
	
	(From Red Hat Advisory)

3. 	Solution:

    	a) Updating via apt...
    	We suggest that you use the apt-get program to keep your
    	system up-to-date. The following command(s) will retrieve
    	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install lv

    	b) Updating manually...
	Download the updates below and then run the following rpm command.
    	(Please use a mirror site)

		rpm -Fvh [filenames]
		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/lv-4.49.4-9.9.1.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
67e24c650a40ff04057ea66c3507fc5c  SRPMS/lv-4.49.4-9.9.1.src.rpm
952aad11c68f410994afe02dddff12cd  ppc/lv-4.49.4-9.9.1.ppc.rpm

If you wish to verify that each package has not been corrupted or 
tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, 
bugfix, and package
enhancement announcements will be posted. See 
http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml