Yellow Dog Linux Security Advisory: YDU-20030627-1

Terra Soft Security Team yellowdog-updates@lists.terrasoftsolutions.com
Fri, 27 Jun 2003 16:10:14 -0600 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	ypserv
Issue Date:	Jun 27,2003   
Priority:	medium
Advisory ID: 	YDU-20030627-1


1. 	Topic:

	Updated ypserv packages are available.


2. 	Problem:

	"The ypserv package contains the Network Information Service (NIS) server.

	A vulnerability has been discovered in the ypserv NIS server prior to
	version 2.7. If a malicious client queries ypserv via TCP and subsequently
	ignores the server's response, ypserv will block attempting to send the
	reply. This results in ypserv failing to respond to other client requests.

	Versions 2.7 and above of ypserv have been altered to fork a child for each
	client request, thus preventing any one request from causing the server to
	block."

	From Red Hat Advisory

3. 	Solution:

   	a) Updating via yum... [for Yellow Dog Linux 3.0]
	We suggest that you use the yum program to keep your
        system up-to-date. The following command(s) will retrieve
	and install the fixed version of this update onto your system:

		yum update ypserv

	b) Updating via apt... [for Yellow Dog Linux 2.3]
        We suggest that you use the apt-get program to keep you
        system up-to-date. The following command(s) will retrieve
        and install the fixed version of this update onto your system:

                apt-get update
                apt-get install ypserv

	c) Updating manually...
	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]
		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/ypserv-2.8-0.9E.ppc.rpm

		Yellow Dog Linux 2.3
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/ypserv-2.8-0.72E.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
ca493682fefb3b7a8751b6ab14894737  SRPMS/ypserv-2.8-0.9E.src.rpm
f52413f68d7774042de276a45cd1ef17  ppc/ypserv-2.8-0.9E.ppc.rpm

[Yellow Dog Linux 2.3]
38e8e4c169929f2efd00cc05e5fe0f46  SRPMS/ypserv-2.8-0.72E.src.rpm
97fa6288d0dcb55eb68869d1a20af67b  ppc/ypserv-2.8-0.72E.ppc.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml